Roxen.git / server / base_server / roxen.pike

version» Context lines:

Roxen.git/server/base_server/roxen.pike:2595: Inside #if constant(Standards.X509)
   array(object) decoded_certs = ({});    array(object) decoded_keys = ({});       void handle_pem_file(string pem_file, Variable.Variable conf_var)    {    string raw_cert;    SSL3_WERR (sprintf ("Reading PEM file %O\n", pem_file));    if( catch{ raw_cert = lopen(pem_file, "r")->read(); } )    {    CERT_WARNING (conf_var, -  LOC_M(8, "Reading PEM file %O failed: %s\n"), +  LOC_M(66, "Reading PEM file %O failed: %s\n"),    pem_file, strerror (errno()));    return;    }       Standards.PEM.Messages msgs = Standards.PEM.Messages(raw_cert);       foreach(msgs->fragments, string|Standards.PEM.Message msg) {    if (stringp(msg)) {    if (String.trim_all_whites(msg) != "") {    CERT_WARNING(conf_var, -  LOC_M(0, "Invalid PEM in %O.\n"), +  LOC_M(67, "Invalid PEM in %O.\n"),    pem_file);    }    continue;    }    string body = msg->body;    if (msg->headers["dek-info"]) {    mixed err = catch {    body = Standards.PEM.decrypt_body(msg->headers["dek-info"],    body, query("ssl_password"));    };    if (err) {    CERT_WARNING(conf_var, -  LOC_M(0, "Invalid decryption password for %O.\n"), +  LOC_M(68, "Invalid decryption password for %O.\n"),    pem_file);    }    }    switch(msg->pre) {    case "CERTIFICATE":    case "X509 CERTIFICATE":    Standards.X509.TBSCertificate tbs =    Standards.X509.decode_certificate(body);    if (!tbs) {    CERT_WARNING (conf_var,
Roxen.git/server/base_server/roxen.pike:2643: Inside #if constant(Standards.X509)
   certificates += ({ body });    decoded_certs += ({ Standards.X509.decode_certificate(body) });    break;    case "PRIVATE KEY":    case "RSA PRIVATE KEY":    case "DSA PRIVATE KEY":    case "ECDSA PRIVATE KEY":    Crypto.Sign key = Standards.X509.parse_private_key(body);    if (!key) {    CERT_ERROR (conf_var, -  LOC_M(11,"Private key not valid")+" (DER).\n"); +  LOC_M(69,"Private key not valid")+" (DER).\n");    return;    }    decoded_keys += ({ key });    break;    }    }    };       Variable.Variable Certificates = getvar("ssl_cert_file");    Variable.Variable KeyFile = getvar("ssl_key_file");
Roxen.git/server/base_server/roxen.pike:2739: Inside #if constant(Standards.X509)
      report_notice("Adding %s certificate (%d certs) for %s\n",    key->name(), sizeof(cert_nos), get_url());    // FIXME: Ought to only add "*" for the certificate chains    // belonging to the default server.    ctx->add_cert(key, rows(certificates, cert_nos), ({ name, "*" }));    found = 1;    }    if (!found) {    CERT_ERROR (KeyFile, -  LOC_M(14, "Private key without matching certificate.\n")); +  LOC_M(70, "Private key without matching certificate.\n"));    continue;    }    }      #if 0    // FIXME: How do this in current Pike 8.0?    if (!sizeof(ctx->cert_pairs)) {    CERT_ERROR(Certificates, -  LOC_M(0,"No matching keys and certificates found.\n")); +  LOC_M(71,"No matching keys and certificates found.\n"));    report_error ("TLS port %s: %s", get_url(), -  LOC_M(0,"No matching keys and certificates found.\n")); +  LOC_M(71,"No matching keys and certificates found.\n"));    cert_err_unbind();    cert_failure = 1;    return;    }   #endif       if (!bound) {    bind (ignore_eaddrinuse);    if (old_cert_failure && bound)    report_notice (LOC_M(64, "TLS port %s opened.\n"), get_url());