SSL/TLS: proper indentation, remove erroneous comment

[ngircd-alex.git] / src / ngircd / conn-ssl.c

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 79fbd01cef22a18fed11f7817660462d8fcabae1..46f1c9d0a584007707336f46b86bbea2b5632992 100644 (file)
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -151,7 +151,7 @@ Load_DH_params(void)
        bool ret = true;
 
        if (!Conf_SSLOptions.DHFile) {
-               Log(LOG_NOTICE, "Configuration option \"SSLDHFile\" not set");
+               Log(LOG_NOTICE, "Configuration option \"SSLDHFile\" not set!");
                return false;
        }
        fp = fopen(Conf_SSLOptions.DHFile, "r");
@@ -161,7 +161,8 @@ Load_DH_params(void)
        }
        dh_params = PEM_read_DHparams(fp, NULL, NULL, NULL);
        if (!dh_params) {
-               Log(LOG_ERR, "%s: PEM_read_DHparams failed", Conf_SSLOptions.DHFile);
+               Log(LOG_ERR, "%s: PEM_read_DHparams failed!",
+                   Conf_SSLOptions.DHFile);
                ret = false;
        }
        fclose(fp);
@@ -194,7 +195,9 @@ Load_DH_params(void)
                }
        }
        if (need_dhgenerate) {
-               Log(LOG_WARNING, "SSLDHFile not set, generating %u bit DH parameters. This may take a while...", DH_BITS);
+               Log(LOG_WARNING,
+                   "SSLDHFile not set, generating %u bit DH parameters. This may take a while ...",
+                   DH_BITS);
                err = gnutls_dh_params_generate2(tmp_dh_params, DH_BITS);
                if (err < 0) {
                        Log(LOG_ERR, "gnutls_dh_params_generate2: %s", gnutls_strerror(err));
@@ -225,7 +228,8 @@ void ConnSSL_Free(CONNECTION *c)
        }
 #endif
        assert(Conn_OPTION_ISSET(c, CONN_SSL));
-       Conn_OPTION_DEL(c, (CONN_SSL_CONNECT|CONN_SSL|CONN_SSL_WANT_WRITE));
+       /* can't just set bitmask to 0 -- there are other, non-ssl related flags, e.g. CONN_ZIP. */
+       Conn_OPTION_DEL(c, CONN_SSL_FLAGS_ALL);
 }
 
 
@@ -263,7 +267,7 @@ ConnSSL_InitLibrary( void )
        SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
        SSL_CTX_free(ssl_ctx);
        ssl_ctx = newctx;
-       Log(LOG_INFO, "%s initialized", SSLeay_version(SSLEAY_VERSION));
+       Log(LOG_INFO, "%s initialized.", SSLeay_version(SSLEAY_VERSION));
        return true;
 out:
        SSL_CTX_free(newctx);
@@ -282,7 +286,7 @@ out:
        }
        if (!ConnSSL_LoadServerKey_gnutls())
                return false;
-       Log(LOG_INFO, "gnutls %s initialized", gnutls_check_version(NULL));
+       Log(LOG_INFO, "gnutls %s initialized.", gnutls_check_version(NULL));
        initialized = true;
        return true;
 #endif
@@ -304,12 +308,13 @@ ConnSSL_LoadServerKey_gnutls(void)
 
        cert_file = Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile:Conf_SSLOptions.KeyFile;
        if (!cert_file) {
-               Log(LOG_ERR, "Neither Key nor certificate File set");
+               Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
                return false;
        }
 
        if (array_bytes(&Conf_SSLOptions.KeyFilePassword))
-               Log(LOG_WARNING, "Ignoring KeyFilePassword: Not supported by GNUTLS");
+               Log(LOG_WARNING,
+                   "Ignoring KeyFilePassword: Not supported by GNUTLS.");
 
        if (!Load_DH_params())
                return false;
@@ -334,7 +339,7 @@ ConnSSL_LoadServerKey_openssl(SSL_CTX *ctx)
 
        assert(ctx);
        if (!Conf_SSLOptions.KeyFile) {
-               Log(LOG_NOTICE, "No SSL Server Key configured, ssl disabled");
+               Log(LOG_NOTICE, "No SSL server key configured, SSL disabled.");
                return false;
        }
 
@@ -479,8 +484,8 @@ ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname )
                Conn_OPTION_ADD(c, CONN_SSL_WANT_WRITE); /* fall through */
        case SSL_ERROR_NONE:
                return 0;       /* try again later */
-       case SSL_ERROR_ZERO_RETURN:     /* TLS/SSL Connection was shut down */
-               LogOpenSSLError("TLS/SSL Connection shutdown", fname);
+       case SSL_ERROR_ZERO_RETURN:
+               LogDebug("TLS/SSL connection shut down normally");
                break;
        /*
        SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT, SSL_ERROR_WANT_X509_LOOKUP
@@ -513,15 +518,14 @@ ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname )
        switch (code) {
        case GNUTLS_E_AGAIN:
        case GNUTLS_E_INTERRUPTED:
-       if (gnutls_record_get_direction(c->ssl_state.gnutls_session)) { /* need write */
-               io_event_del(c->sock, IO_WANTREAD);
-               Conn_OPTION_ADD(c, CONN_SSL_WANT_WRITE); /* fall through */
-               break;
-       } else { /* need read */
-               io_event_del(c->sock, IO_WANTWRITE);
-               Conn_OPTION_ADD(c, CONN_SSL_WANT_READ);
+               if (gnutls_record_get_direction(c->ssl_state.gnutls_session)) {
+                       Conn_OPTION_ADD(c, CONN_SSL_WANT_WRITE);
+                       io_event_del(c->sock, IO_WANTREAD);
+               } else {
+                       Conn_OPTION_ADD(c, CONN_SSL_WANT_READ);
+                       io_event_del(c->sock, IO_WANTWRITE);
+               }
                break;
-       }
        default:
                assert(code < 0);
                if (gnutls_error_is_fatal(code)) {
@@ -544,16 +548,17 @@ ConnSSL_LogCertInfo( CONNECTION *c )
        assert( c );
        assert( ssl );
 
-       Log( LOG_INFO, "New %s connection using cipher %s on socket %d",
+       Log(LOG_INFO, "New %s connection using cipher %s on socket %d.",
                SSL_get_version(ssl), SSL_get_cipher(ssl), c->sock);
 #endif
 #ifdef HAVE_LIBGNUTLS
        gnutls_session_t sess = c->ssl_state.gnutls_session;
        gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(sess);
 
-       Log( LOG_INFO, "New %s connection using cipher %s-%s on socket %d",
-                gnutls_protocol_get_name(gnutls_protocol_get_version(sess)),
-               gnutls_cipher_get_name(cipher), gnutls_mac_get_name(gnutls_mac_get(sess)), c->sock);
+       Log(LOG_INFO, "New %s connection using cipher %s-%s on socket %d.",
+           gnutls_protocol_get_name(gnutls_protocol_get_version(sess)),
+           gnutls_cipher_get_name(cipher),
+           gnutls_mac_get_name(gnutls_mac_get(sess)), c->sock);
 #endif
 }