THRIFT-4211: Fix logging in c_glib
This closes #1278
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
index be8637d..bc75e2c 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
@@ -159,7 +159,7 @@
gchar byte;
rc = SSL_peek(ssl_socket->ssl, &byte, 1);
if (rc < 0) {
- g_set_error (error,
+ g_set_error (error,
THRIFT_TRANSPORT_ERROR,
THRIFT_SSL_SOCKET_ERROR_SSL,
"failed to peek at socket - id?");
@@ -409,44 +409,46 @@
if(cls!=NULL && ssl_socket->ssl!=NULL){
int rc = SSL_get_verify_result(ssl_socket->ssl);
if (rc != X509_V_OK) { /* verify authentication result */
- if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
- g_debug("The certificate is a self-signed certificate and configuration allows it");
- } else {
- g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
- return FALSE;
- }
+ if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
+ g_debug("The certificate is a self-signed certificate and configuration allows it");
+ } else {
+ g_set_error (error,
+ THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED,
+ "The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
+ return FALSE;
+ }
}
X509* cert = SSL_get_peer_certificate(ssl_socket->ssl);
if (cert == NULL) {
- if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
- g_error("No certificate present");
- return FALSE;
- }
-
- g_debug("No certificate required");
- return TRUE;
+ if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+ g_set_error (error,
+ THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED,
+ "No certificate present. Are you connecting SSL server?");
+ return FALSE;
+ }
+ g_debug("No certificate required");
+ return TRUE;
}
/* certificate is present, since we don't support access manager we are done */
if (cls->authorize_peer == NULL) {
- X509_free(cert);
- g_debug("Certificate presented but we're not checking it");
- return TRUE;
+ X509_free(cert);
+ g_debug("Certificate presented but we're not checking it");
+ return TRUE;
} else {
- /* both certificate and access manager are present */
- struct sockaddr_storage sa;
- socklen_t saLength = sizeof(struct sockaddr_storage);
-
- if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
- sa.ss_family = AF_UNSPEC;
- }
-
- authorization_result = cls->authorize_peer(transport, cert, &sa, error);
+ /* both certificate and access manager are present */
+ struct sockaddr_storage sa;
+ socklen_t saLength = sizeof(struct sockaddr_storage);
+ if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
+ sa.ss_family = AF_UNSPEC;
+ }
+ authorization_result = cls->authorize_peer(transport, cert, &sa, error);
}
-
if(cert != NULL) {
- X509_free(cert);
+ X509_free(cert);
}
}
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
index 0d415b2..659c88d 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
@@ -54,7 +54,8 @@
{
THRIFT_SSL_SOCKET_ERROR_TRANSPORT=7,
THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE,
- THRIFT_SSL_SOCKET_ERROR_SSL
+ THRIFT_SSL_SOCKET_ERROR_SSL,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED
} ThriftSSLSocketError;