Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "bag" was not deallocated when the key is successfully loaded.
Parse all bag elements rather than clearing the bag after the first
iteration (this restores previous behavior).
Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634
Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.")
Reviewed-on: https://code.wireshark.org/review/26481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id73e641499e75bc1afc1dea29682418156f461fe
Reviewed-on: https://code.wireshark.org/review/24751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a variable is initialized in a loop body or an if clause or a switch
clause, declare it inside the loop body/clause, and de-initialize it
before leaving the loop body/clause.
De-initialize the gnutls_pkcs12_t before leaving rsa_load_pkcs12(), so
as not to leak it.
Always leave the per-bag loop by "goto done", even if we're not within
an inner loop, to make it clearer what we're doing.
We initialize the bag structure at the beginning of that loop body;
de-initialize it at the end.
If we leave the loop without a private key, and we don't have an error
message, the error is "we didn't find a PKCS8 key"; report that.
Change-Id: I87cf296876c8f1879f69d01ce67ca2829b4f8d16
Reviewed-on: https://code.wireshark.org/review/22958
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pacify checkAPIs.pl
Change-Id: I637a6cd678b99d05cd1b26fd3cba6ad4dd19e8d2
Reviewed-on: https://code.wireshark.org/review/22957
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ensure that rsa_load_pem_key() and rsa_load_pkcs12() always return an
error message string if they fail, so that
1) they don't return NULL without supplying an error string;
2) they don't supply an error string if they succeed.
If either of them fails, report the error; if there's no error string,
report an unknown error (that shouldn't happen, but the wsutil/rsa.c
code needs more cleanup before I'll believe it can't happen).
While we're at it, clean up some of those error strings, return NULL
rather than 0 as the failure case from rsa_load_pkcs12() as we do in
rsa_load_pem_key() (they mean the same thing, but NULL makes it a bit
clearer), and de-initialize the private key structure in
rsa_load_pem_key() if we fail (so that we don't leak memory).
Change-Id: Id9dd331800d87b017a500a6f579df446057f555b
Reviewed-on: https://code.wireshark.org/review/22941
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Loading PEM and PKCS#11 keys was being done in static functions
in packet-ssl-utils.c. These were moved to wsutil, with prototypes
in a new <wsutil/rsa.h> header. This adds gnutls as optional
dependency to wsutil.
The RSA decryption helper was also moved and is now provided in
<wsutil/wsgcrypt.h>.
This allows more dissectors to access this functionality.
Change-Id: I6cfbbf5203f2881c82bad721747834ccd76e2033
Reviewed-on: https://code.wireshark.org/review/21941
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
João Valverde