/*
 * Apply a connection's per-connection debugging flags to the current
 * debugging mask.
 *
 * c: the connection being processed, or NULL to go back to the base
 *    debugging settings via reset_debugging().
 *
 * When the connection carries extra flags, the flags that are not already
 * active are logged by name and the mask is widened to include them.
 */
void extra_debugging(const struct connection *c)
{
	/* no connection in play: drop back to the defaults and stop */
	if (!c) {
		reset_debugging();
		return;
	}

	if (c->extra_debugging) {
		/* log before widening the mask so only the newly added bits are named */
		libreswan_log("extra debugging enabled for connection: %s",
			      bitnamesof(debug_bit_names,
					 c->extra_debugging & ~cur_debugging));
		set_debugging(cur_debugging | c->extra_debugging);
	}

	/*
	 * If any debugging is on, make sure that we log the connection
	 * we are processing, because it may not be clear in later debugging.
	 */
	if (cur_debugging != 0) {
		/* presumably fmt_conn_instance() writes at most CONN_INST_BUF bytes -- confirm */
		char instance[CONN_INST_BUF];

		fmt_conn_instance(c, instance);
		DBG_log("processing connection %s%s", c->name, instance);
	}
}
/*
 * Walk the whole state table twice and, for every state that comparefunc
 * accepts, call successfunc on it.
 *
 * c            connection handed through to both callbacks
 * comparefunc  predicate; receives the state, c, arg and the pass number
 *              (0 or 1) and returns true to select the state
 * successfunc  action run on each selected state; callers use this to
 *              delete states, so the state may be gone when it returns
 * arg          opaque pointer handed through to both callbacks
 *
 * This function itself deletes nothing; whether states are removed depends
 * entirely on successfunc.
 */
static void foreach_states_by_connection_func(struct connection *c
	, bool (*comparefunc)(struct state *st, struct connection *c, void *arg, int pass)
	, void (*successfunc)(struct state *st, struct connection *c, void *arg)
	, void *arg)
{
	int pass;
	/* this kludge avoids an n^2 algorithm */

	/* We take two passes so that we delete any ISAKMP SAs last.
	 * This allows Delete Notifications to be sent.
	 * ?? We could probably double the performance by caching any
	 * ISAKMP SA states found in the first pass, avoiding a second.
	 */
	for (pass = 0; pass != 2; pass++) {
		int i;

		/* For each hash chain... */
		for (i = 0; i < STATE_TABLE_SIZE; i++) {
			struct state *st;

			/* For each state in the hash chain... */
			for (st = statetable[i]; st != NULL; ) {
				struct state *this = st;

				/*
				 * Advance first: successfunc may delete `this`.
				 * NOTE(review): only the immediate successor is saved.
				 * If a callback can also remove other states on this
				 * chain, st would be left dangling -- confirm that
				 * callbacks only remove the state they are given.
				 */
				st = st->st_hashchain_next;	/* before this is deleted */

				/*
				 * On the second pass (pass == 1), skip states whose
				 * st_state satisfies IS_ISAKMP_SA_ESTABLISHED.
				 * NOTE(review): the original comment here read
				 * "on pass 2, ignore phase2 states", and the comment
				 * above says ISAKMP SAs are meant to be handled last;
				 * this condition looks like it does the opposite --
				 * confirm the intended behaviour.
				 */
				if(pass == 1 && IS_ISAKMP_SA_ESTABLISHED(this->st_state)) {
					continue;
				}

				/* call comparison function */
				if ((*comparefunc)(this, c, arg, pass)) {
					/*
					 * Remember the current state so it can be put
					 * back afterwards. If it is `this`, restore NULL
					 * instead, presumably because successfunc may
					 * free it.
					 */
					struct state *old_cur_state = cur_state == this? NULL : cur_state;
#ifdef DEBUG
					/* keep the debugging mask so the callback's changes do not leak out */
					lset_t old_cur_debugging = cur_debugging;
#endif

					set_cur_state(this);
					(*successfunc)(this, c, arg);

					/* restored by direct assignment, not through set_cur_state() */
					cur_state = old_cur_state;
#ifdef DEBUG
					set_debugging(old_cur_debugging);
#endif
				}
			}
		}
	}
}
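/*
 * Merge a connection's extra debugging flags into the current debugging
 * mask.
 *
 * c: connection whose extra_debugging bits are OR-ed into cur_debugging.
 *    A NULL connection contributes no flags and leaves the mask unchanged.
 */
void extra_debugging(const struct connection *c)
{
	/* guard: a NULL connection used to be dereferenced here */
	if (c == NULL) {
		return;
	}

	set_debugging(cur_debugging | c->extra_debugging);
}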
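/*
 * Test driver: load a CA certificate, register it as a CA, then load and
 * verify every further certificate named on the command line.
 *
 * argv[1]   CA certificate file
 * argv[2..] certificates to verify
 *
 * Exit status: 0 when every certificate verified, 1 when a certificate
 * file could not be loaded, 3 when verification failed, 5 on a usage
 * error, 10 when NSS initialization failed.
 */
int main(int argc, char *argv[])
{
	cert_t cacert, t1;
	time_t until;

	/* sadly, this is actually too late */
	EF_DISABLE_BANNER = 1;

	progname = argv[0];
	leak_detective = 1;

	tool_init_log();
	load_oswcrypto();

	set_debugging(DBG_X509|DBG_PARSING|DBG_CONTROL);

	/*
	 * Presumably pins the clock used for X.509 validity checks, so a
	 * pass here says nothing about validity at the real current time.
	 */
	until = 1421896274;
	set_fake_x509_time(until);	/* Wed Jan 21 22:11:14 2015 */

#ifdef HAVE_LIBNSS
	{
		SECStatus nss_init_status = NSS_InitReadWrite("nss.d");

		if (nss_init_status != SECSuccess) {
			fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError());
			exit(10);
		} else {
			printf("NSS Initialized\n");
			PK11_SetPasswordFunc(getNSSPassword);
		}
	}
#endif

	if (argc < 3) {
		fprintf(stderr, "Usage: nsscert CAcertfile.pem cert1.pem cert2.pem...\n");
		exit(5);
	}

	/* skip argv0 */
	argc--;
	argv++;

	/* load CAcert */
	if (!load_cert(CERT_NONE, argv[0], TRUE, "cacert", &cacert)) {
		printf("could not load CA cert file: %s\n", argv[0]);
		exit(1);
	}
	add_authcert(cacert.u.x509, AUTH_CA);

	argc--;
	argv++;

	while (argc-- > 0) {
		char *file = *argv++;

		/* load target cert */
		if (!load_cert(CERT_NONE, file, TRUE, "test1", &t1)) {
			printf("could not load cert file: %s\n", file);
			exit(1);
		}

		/* the time value handed to the verifier moves one day per certificate */
		until += 86400;

		/*
		 * NOTE(review): the FALSE argument looks like a "strict"
		 * policy switch -- confirm that relaxed checking is what
		 * this test is meant to exercise.
		 */
		if (verify_x509cert(t1.u.x509, FALSE, &until) == FALSE) {
			printf("verify x509 failed\n");
			exit(3);
		}

		printf("cert: %s is valid\n", file);
		free_x509cert(t1.u.x509);
	}

	/*
	 * NOTE(review): this pointer was handed to add_authcert() above;
	 * confirm that the CA list does not keep it, otherwise this free
	 * leaves a dangling entry behind.
	 */
	free_x509cert(cacert.u.x509);

	report_leaks();

	tool_close_log();
	exit(0);
}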