From 4eb3b76b0f603e80d49cbc75d6c7072ac2fbc9f5 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 29 May 2014 13:51:19 +0300
Subject: [PATCH] OpenSSL: Fix OCSP certificate debug print to use wpa_printf

Instead of using X509_print_fp() to print directly to stdout, print the certificate dump to a memory BIO and use wpa_printf() to get this into the debug log. This allows redirection of debug log to work better and avoids undesired stdout prints when debugging is not enabled.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls_openssl.c | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 58a07cf50..d2d660034 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2968,6 +2968,41 @@ static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
 }
 
 
+static void debug_print_cert(X509 *cert, const char *title)
+{
+#ifndef CONFIG_NO_STDOUT_DEBUG
+	BIO *out;
+	size_t rlen;
+	char *txt;
+	int res;
+
+	if (wpa_debug_level > MSG_DEBUG)
+		return;
+
+	out = BIO_new(BIO_s_mem());
+	if (!out)
+		return;
+
+	X509_print(out, cert);
+	rlen = BIO_ctrl_pending(out);
+	txt = os_malloc(rlen + 1);
+	if (!txt) {
+		BIO_free(out);
+		return;
+	}
+
+	res = BIO_read(out, txt, rlen);
+	if (res > 0) {
+		txt[res] = '\0';
+		wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt);
+	}
+	os_free(txt);
+
+	BIO_free(out);
+#endif /* CONFIG_NO_STDOUT_DEBUG */
+}
+
+
 static int ocsp_resp_cb(SSL *s, void *arg)
 {
 	struct tls_connection *conn = arg;
@@ -3011,8 +3046,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 	store = SSL_CTX_get_cert_store(s->ctx);
 
 	if (conn->peer_issuer) {
-		wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer");
-		X509_print_fp(stdout, conn->peer_issuer);
+		debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
 		if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
 			tls_show_errors(MSG_INFO, __func__,
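Review bot: `X509_print(out, cert);` in the new debug_print_cert() discards its return value, so a failed or partial dump is silently read back from the memory BIO and logged (or, if the BIO stayed empty, nothing is logged) with no hint that the print itself failed; checking it, e.g. `if (X509_print(out, cert) != 1) { BIO_free(out); return; }` (optionally reporting it through tls_show_errors() as the surrounding code does), would make the debug output trustworthy. Related, `res = BIO_read(out, txt, rlen);` narrows a size_t into BIO_read()'s int length parameter implicitly; an explicit cast or a cap would make the intent visible, although a certificate text dump is not realistically going to approach that limit. On the positive side, the dump is handed to wpa_printf() as a `%s` argument rather than as the format string, so certificate fields containing `%` sequences cannot influence formatting. The helper also lacks a header comment; something like `/* Dump a certificate to the debug log at MSG_DEBUG; no-op under CONFIG_NO_STDOUT_DEBUG or when the debug level is less verbose */` would document it.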