-
Notifications
You must be signed in to change notification settings - Fork 61
Conversation
Some basic information is not included by default in our logs. They can be seen with aktualizr-info or loglevel 0, but this should make it easier to figure out what's going on when all we have is a "standard" log. Suggested-by: Vladimir Koshelev <vladimir.koshelev@here.com> Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
return cn; | ||
} | ||
|
||
void KeyManager::getCertInfo(std::string *subject, std::string *issuer, std::string *not_before, | ||
std::string *not_after) const { | ||
std::string not_found_cert_message = "Certificate is not found, can't extract device_id"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
std::string not_found_cert_message = "Certificate is not found, can't extract device_id"; | |
std::string not_found_cert_message = "Certificate is not found, can't extract device certificate"; |
} | ||
} else { // CryptoSource::kPkcs11 | ||
if (!built_with_p11) { | ||
throw std::runtime_error("Aktualizr was built without PKCS#11 support, can't extract device_id"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
throw std::runtime_error("Aktualizr was built without PKCS#11 support, can't extract device_id"); | |
throw std::runtime_error("Aktualizr was built without PKCS#11 support, can't extract device certificate"); |
} | ||
|
||
StructGuard<BIO> subj_bio(BIO_new(BIO_s_mem()), BIO_vfree); | ||
X509_NAME_print_ex(subj_bio.get(), X509_get_subject_name(x.get()), 1, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docs I've found are not really helpful but are we sure that this call or the next (BIO_get_mem_data
) can't fail and we end up creating a string from an uninitialized pointer (subj_buf
).
Maybe a simple precaution:
char *subj_buf = nullptr;
...
if (subj_buf == nullptr) {
throw xxx;
}
*subject = std::string(subj_buf, ...);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I was annoyed that the SSL docs don't even mention the return value of X509_NAME_print_ex
. However, https://manpages.debian.org/unstable/libssl-doc/X509_NAME_print_ex.3ssl.en.html says that "X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error if the XN_FLAG_COMPAT is set, which is the same as X509_NAME_print(). Otherwise, it returns -1 on error or other values on success." Lovely. I'll play around with this a bit and try to be a bit more careful.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a bit scared of the return value mess so I ended up just taking your advice literally.
Looks like it's gonna actually be helpful in the future! |
Suggested-by: Vladimir Koshelev <vladimir.koshelev@here.com> Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
3adbedd
to
b7adc45
Compare
Codecov Report
@@ Coverage Diff @@
## master #1555 +/- ##
==========================================
+ Coverage 82.07% 82.25% +0.17%
==========================================
Files 186 186
Lines 11449 11494 +45
==========================================
+ Hits 9397 9454 +57
+ Misses 2052 2040 -12
Continue to review full report at Codecov.
|
Judging by the previous CI run (https://main.gitlab.in.here.com/olp/edge/ota/connect/client/aktualizr/-/jobs/1577872) it looks like I may have some openssl version compatibility issues to confront. Cool... |
looks quite similar to what I've seen on macOS, I think, the problem is that our cmake wants 1.0.2 while our code actually relies/requires on 1.1.x since switching from 1.0.2t version to 1.1.1t on the mac helped me to resolve it. |
@@ -51,8 +51,8 @@ void initSecondaries(Aktualizr& aktualizr, const boost::filesystem::path& config | |||
Secondaries secondaries = createSecondaries(*config); | |||
|
|||
for (const auto& secondary : secondaries) { | |||
LOG_INFO << "Adding Secondary to Aktualizr." | |||
<< "HW_ID: " << secondary->getHwId() << " Serial: " << secondary->getSerial(); | |||
LOG_INFO << "Adding Secondary with ECU serial: " << secondary->getSerial() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mixing metadata/values with message text might not be optimal as you need to search for values between text. The best practice here is to separate a static part of a log message from its variable part. For example,
`
Adding Secondary:
serial: <serial>
hardware ID: <hwid>
`
but it's not critical here as there are just two variable elements here, it's rather important when there are more of them
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not quite sure I follow. All I did was rephrase it and swap the serial and hardware ID.
good start, I think, it makes sense to review and improve logging in other places too. |
I think we generally still want to support 1.0.2, so I have to work around that. The reason I didn't already, though, was that the website claims that "These functions are available in all versions of OpenSSL." Obviously that's not true. |
Despite that the website claims that "these functions are available in all versions of OpenSSL." Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
115b298
to
c9cf301
Compare
Fixed the openssl compatibility issue and incorporated all of @lbonn's suggestions. Your reviews were auto-dismissed but I'm ready for another round now. |
Requested by @koshelev to speed up debugging, particularly when all we have is a log with the default loglevel. This is approximately how it will look: