Less activity to detect XML verify failure

Willem Toorop 2017-09-18 11:49:43 +02:00
parent 737f49d2cc
commit e2ffaf3e07
1 changed files with 19 additions and 9 deletions


@ -738,12 +738,21 @@ void _getdns_context_equip_with_anchor(
" CA: \"%s\"\n", __FUNC__ " CA: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r)); , getdns_get_errorstr_by_id(r));
else if (!verify_CA || !*verify_CA)
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
"disabled by empty verify CA\n");
return;
else if ((r = getdns_context_get_trust_anchor_verify_email( else if ((r = getdns_context_get_trust_anchor_verify_email(
context, ".", &verify_email))) context, ".", &verify_email)))
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email " DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
"address: \"%s\"\n", __FUNC__ "address: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r)); , getdns_get_errorstr_by_id(r));
else if (!verify_email || !*verify_email)
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
"disabled by empty verify email\n");
else if (!(xml_data = _getdns_context_get_priv_file(context, else if (!(xml_data = _getdns_context_get_priv_file(context,
"root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len))) "root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n" DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n"
@ -1499,12 +1508,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
const char *verify_CA; const char *verify_CA;
const char *verify_email; const char *verify_email;
if (!_getdns_context_can_write_appdata(context)) { if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
"non writeable appdata directory\n", __FUNC__);
return;
} else if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname" DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
": \"%s\"", __FUNC__ ": \"%s\"", __FUNC__
, getdns_get_errorstr_by_id(r)); , getdns_get_errorstr_by_id(r));
@ -1517,10 +1521,11 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
, getdns_get_errorstr_by_id(r)); , getdns_get_errorstr_by_id(r));
return; return;
} else if (!*verify_CA) { } else if (!verify_CA || !*verify_CA) {
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely " DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
"disabled by empty verify CA\n"); "disabled by empty verify CA\n");
return; return;
} else if ((r = getdns_context_get_trust_anchor_verify_email( } else if ((r = getdns_context_get_trust_anchor_verify_email(
context, ".", &verify_email))) { context, ".", &verify_email))) {
DEBUG_ANCHOR("ERROR %s(): Could not get verify email address" DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
@ -1528,10 +1533,15 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
, getdns_get_errorstr_by_id(r)); , getdns_get_errorstr_by_id(r));
return; return;
} else if (!*verify_email) { } else if (!verify_email || !*verify_email) {
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely " DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
"disabled by empty verify email address\n"); "disabled by empty verify email address\n");
return; return;
} else if (!_getdns_context_can_write_appdata(context)) {
DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
"non writeable appdata directory\n", __FUNC__);
return;
} }
DEBUG_ANCHOR("Hostname: %s\n", tas_hostname); DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__, DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__,
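Review bot: In the first hunk (`_getdns_context_equip_with_anchor`), the `return;` shown after the new "disabled by empty verify CA" notice sits inside an unbraced `else if` chain, directly before the next `else if`. As rendered that would not compile, and the parallel "empty verify email" branch has no `return;` at all. The page has lost its +/- markers, so the line may be a rendering artefact; if it is on the new side, either brace the branch, `else if (!verify_CA || !*verify_CA) { DEBUG_ANCHOR(...); return; }`, or drop the `return;` to match the email branch. These two branches decide whether the stored root-anchors.xml is consulted when signature verification is switched off, so a short comment such as `/* empty verify CA or email: skip root-anchors.xml rather than load it unverified */` would help, provided the rest of the chain really does that. Both function bodies start and end outside the hunks shown.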