tls: Rename SSL to TLS in log messages

Heikki Hannikainen 2022-10-25 01:35:02 +03:00
parent 310cdee20d
commit dc2f797c61
6 changed files with 33 additions and 33 deletions


@ -328,19 +328,19 @@ static int open_listener(struct listen_config_t *lc)
hlog(LOG_DEBUG, "... ok, bound");
/* Set up an SSL context if necessary */
/* Set up a TLS context if necessary */
#ifdef USE_SSL
if (lc->keyfile && lc->certfile) {
l->ssl = ssl_alloc();
if (ssl_create(l->ssl, (void *)l)) {
hlog(LOG_ERR, "Failed to create SSL context for '%s*': %s", lc->name, l->addr_s);
hlog(LOG_ERR, "Failed to create TLS context for '%s*': %s", lc->name, l->addr_s);
listener_free(l);
return -1;
}
if (ssl_certificate(l->ssl, lc->certfile, lc->keyfile)) {
hlog(LOG_ERR, "Failed to load SSL key and certificates for '%s*': %s", lc->name, l->addr_s);
hlog(LOG_ERR, "Failed to load TLS key and certificates for '%s*': %s", lc->name, l->addr_s);
listener_free(l);
return -1;
}
@ -348,13 +348,13 @@ static int open_listener(struct listen_config_t *lc)
/* optional client cert validation */
if (lc->cafile) {
if (ssl_ca_certificate(l->ssl, lc->cafile, 2)) {
hlog(LOG_ERR, "Failed to load trusted SSL CA certificates for '%s*': %s", lc->name, l->addr_s);
hlog(LOG_ERR, "Failed to load trusted TLS CA certificates for '%s*': %s", lc->name, l->addr_s);
listener_free(l);
return -1;
}
}
hlog(LOG_INFO, "SSL initialized for '%s': %s%s", lc->name, l->addr_s, (lc->cafile) ? " (client validation enabled)" : "");
hlog(LOG_INFO, "TLS initialized for '%s': %s%s", lc->name, l->addr_s, (lc->cafile) ? " (client validation enabled)" : "");
}
#endif
@ -1311,7 +1311,7 @@ static int accept_liveupgrade_single(cJSON *client, int *rxerr_map, int rxerr_ma
/* Add the client to the client list. */
int old_fd = clientlist_add(c);
if (c->validated && old_fd != -1) {
/* TODO: If old connection is SSL validated, and this one is not, do not disconnect it. */
/* TODO: If old connection is TLS validated, and this one is not, do not disconnect it. */
hlog(LOG_INFO, "fd %d: Disconnecting duplicate validated client with username '%s'", old_fd, c->username);
shutdown(old_fd, SHUT_RDWR);
}


@ -1100,7 +1100,7 @@ int do_listen(struct listen_config_t **lq, int argc, char **argv)
/* SSL requires both a cert and a key */
if ((l->certfile && !l->keyfile) || (l->keyfile && !l->certfile)) {
hlog(LOG_ERR, "Listen: Only one of sslkey and sslcert defined for '%' - both needed for SSL", argv[1]);
hlog(LOG_ERR, "Listen: Only one of tlskey and tlscert defined for '%' - both needed for TLS", argv[1]);
free_listen_config(&l);
return -2;
}
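Review bot: The reworded message still carries the broken conversion `'%'` — there is no conversion character after the `%`, so `argv[1]` is never printed and the format/argument mismatch is undefined behaviour in a printf-style logger; the line should read `hlog(LOG_ERR, "Listen: Only one of tlskey and tlscert defined for '%s' - both needed for TLS", argv[1]);`. Separately, the message now names the options `tlskey`/`tlscert`, which is only helpful if the config parser accepts those keywords; if it still reads `sslkey`/`sslcert`, the error points users at a non-existent option, so the keyword names should match whatever the parser actually recognises (the same applies to the make_uplink hunk in the uplink file). do_listen continues outside the hunk.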


@ -205,7 +205,7 @@ int login_setup_udp_feed(struct client_t *c, int port)
#ifdef USE_SSL
static int login_client_validate_cert(struct worker_t *self, struct client_t *c)
{
hlog(LOG_DEBUG, "%s/%s: login: doing SSL client cert validation", c->addr_rem, c->username);
hlog(LOG_DEBUG, "%s/%s: login: doing TLS client cert validation", c->addr_rem, c->username);
int ssl_res = ssl_validate_peer_cert_phase1(c);
if (ssl_res == 0)
ssl_res = ssl_validate_peer_cert_phase2(c);
@ -215,7 +215,7 @@ static int login_client_validate_cert(struct worker_t *self, struct client_t *c)
return 1;
}
hlog(LOG_WARNING, "%s/%s: SSL client cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
hlog(LOG_WARNING, "%s/%s: TLS client cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
int rc;
if (ssl_res == SSL_VALIDATE_CLIENT_CERT_UNVERIFIED)
rc = client_printf(self, c, "# Client certificate not accepted: %s\r\n", X509_verify_cert_error_string(c->ssl_con->ssl_err_code));


@ -261,14 +261,14 @@ static void ssl_info_callback(SSL *ssl, int where, int ret)
}
if (where & SSL_CB_HANDSHAKE_START) {
hlog(LOG_INFO, "%s/%d: SSL handshake start", c->addr_rem, c->fd);
hlog(LOG_INFO, "%s/%d: TLS handshake start", c->addr_rem, c->fd);
if (ssl_conn->handshaked) {
ssl_conn->renegotiation = 1;
}
}
if (where & SSL_CB_HANDSHAKE_DONE) {
hlog(LOG_INFO, "%s/%d: SSL handshake done", c->addr_rem, c->fd);
hlog(LOG_INFO, "%s/%d: TLS handshake done", c->addr_rem, c->fd);
}
}
@ -450,20 +450,20 @@ int ssl_create(struct ssl_t *ssl, void *data)
int ssl_certificate(struct ssl_t *ssl, const char *certfile, const char *keyfile)
{
if (SSL_CTX_use_certificate_chain_file(ssl->ctx, certfile) == 0) {
hlog(LOG_ERR, "Error while loading SSL certificate chain file \"%s\"", certfile);
hlog(LOG_ERR, "Error while loading TLS certificate chain file \"%s\"", certfile);
ssl_error(LOG_ERR, "SSL_CTX_use_certificate_chain_file");
return -1;
}
if (SSL_CTX_use_PrivateKey_file(ssl->ctx, keyfile, SSL_FILETYPE_PEM) == 0) {
hlog(LOG_ERR, "Error while loading SSL private key file \"%s\"", keyfile);
hlog(LOG_ERR, "Error while loading TLS private key file \"%s\"", keyfile);
ssl_error(LOG_ERR, "SSL_CTX_use_PrivateKey_file");
return -1;
}
if (!SSL_CTX_check_private_key(ssl->ctx)) {
hlog(LOG_ERR, "SSL private key (%s) does not work with this certificate (%s)", keyfile, certfile);
hlog(LOG_ERR, "TLS private key (%s) does not work with this certificate (%s)", keyfile, certfile);
ssl_error(LOG_ERR, "SSL_CTX_check_private_key");
return -1;
}
@ -644,7 +644,7 @@ int ssl_validate_peer_cert_phase1(struct client_t *c)
if (rc != X509_V_OK) {
/* client gave a certificate, but it's not valid */
hlog(LOG_DEBUG, "%s/%s: Peer SSL certificate verification error %d: %s",
hlog(LOG_DEBUG, "%s/%s: Peer TLS certificate verification error %d: %s",
c->addr_rem, c->username, rc, X509_verify_cert_error_string(rc));
c->ssl_con->ssl_err_code = rc;
return SSL_VALIDATE_CLIENT_CERT_UNVERIFIED;
@ -740,7 +740,7 @@ int ssl_validate_peer_cert_phase2(struct client_t *c)
issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
ret = 0;
hlog(LOG_INFO, "%s/%s: Peer validated using SSL certificate: subject '%s' callsign '%s' CN '%s' issuer '%s'",
hlog(LOG_INFO, "%s/%s: Peer validated using TLS certificate: subject '%s' callsign '%s' CN '%s' issuer '%s'",
c->addr_rem, c->username, subject, subj_call, (subj_cn) ? subj_cn : "(none)", issuer);
/* store copies of cert subject and issuer */
@ -901,7 +901,7 @@ int ssl_readable(struct worker_t *self, struct client_t *c)
}
if (sslerr == SSL_ERROR_WANT_WRITE) {
hlog(LOG_INFO, "ssl_readable fd %d: SSL_read wants to write (peer starts SSL renegotiation?), calling ssl_write", c->fd);
hlog(LOG_INFO, "ssl_readable fd %d: SSL_read wants to write (peer starts TLS renegotiation?), calling ssl_write", c->fd);
return ssl_write(self, c);
}
@ -909,7 +909,7 @@ int ssl_readable(struct worker_t *self, struct client_t *c)
c->ssl_con->no_send_shutdown = 1;
if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
hlog(LOG_DEBUG, "ssl_readable fd %d: peer shutdown SSL cleanly", c->fd);
hlog(LOG_DEBUG, "ssl_readable fd %d: peer shutdown TLS cleanly", c->fd);
client_close(self, c, CLIERR_EOF);
return -1;
}


@ -262,11 +262,11 @@ int uplink_logresp_handler(struct worker_t *self, struct client_t *c, int l4prot
/* check the server name against certificate */
#ifdef USE_SSL
if (c->ssl_con && c->ssl_con->validate) {
hlog(LOG_DEBUG, "%s/%s: Uplink: Validating SSL server cert subject", c->addr_rem, c->username);
hlog(LOG_DEBUG, "%s/%s: Uplink: Validating TLS server cert subject", c->addr_rem, c->username);
int ssl_res = ssl_validate_peer_cert_phase2(c);
if (ssl_res != 0) {
hlog(LOG_WARNING, "%s/%s: SSL server cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
hlog(LOG_WARNING, "%s/%s: TLS server cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
client_close(self, c, CLIERR_UPLINK_PEER_CERT_FAIL);
return 0;
}
@ -301,11 +301,11 @@ int uplink_login_handler(struct worker_t *self, struct client_t *c, int l4proto,
#ifdef USE_SSL
if (c->ssl_con && c->ssl_con->validate) {
hlog(LOG_DEBUG, "%s/%s: Uplink: Validating SSL server cert against CA", c->addr_rem, c->username);
hlog(LOG_DEBUG, "%s/%s: Uplink: Validating TLS server cert against CA", c->addr_rem, c->username);
int ssl_res = ssl_validate_peer_cert_phase1(c);
if (ssl_res != 0) {
hlog(LOG_WARNING, "%s/%s: SSL server cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
hlog(LOG_WARNING, "%s/%s: TLS server cert validation failed: %s", c->addr_rem, c->username, ssl_strerror(ssl_res));
client_close(self, c, CLIERR_UPLINK_PEER_CERT_FAIL);
return 0;
}
@ -351,14 +351,14 @@ int config_uplink_ssl_setup(struct uplink_config_t *l)
l->ssl = ssl_alloc();
if (ssl_create(l->ssl, (void *)l)) {
hlog(LOG_ERR, "Uplink: Failed to create SSL context for '%s*'", l->name);
hlog(LOG_ERR, "Uplink: Failed to create TLS context for '%s*'", l->name);
return -1;
}
/* optional client cert for server-side validation */
if (l->certfile && l->keyfile) {
if (ssl_certificate(l->ssl, l->certfile, l->keyfile)) {
hlog(LOG_ERR, "Uplink '%s': Failed to load SSL certificatess", l->name);
hlog(LOG_ERR, "Uplink '%s': Failed to load TLS certificatess", l->name);
ssl_free(l->ssl);
l->ssl = NULL;
return -1;
@ -368,14 +368,14 @@ int config_uplink_ssl_setup(struct uplink_config_t *l)
/* optional server cert validation */
if (l->cafile) {
if (ssl_ca_certificate(l->ssl, l->cafile, 2)) {
hlog(LOG_ERR, "Uplink '%s': Failed to load trusted SSL CA certificates", l->name);
hlog(LOG_ERR, "Uplink '%s': Failed to load trusted TLS CA certificates", l->name);
ssl_free(l->ssl);
l->ssl = NULL;
return -1;
}
}
hlog(LOG_INFO, "Uplink %s: SSL initialized%s%s",
hlog(LOG_INFO, "Uplink %s: TLS initialized%s%s",
l->name,
(l->cafile) ? ", server validated" : "",
(l->certfile) ? ", client cert loaded" : "");
@ -412,15 +412,15 @@ int make_uplink(struct uplink_config_t *l)
#ifdef USE_SSL
/* SSL requires both a cert and a key, or none at all */
if ((l->certfile && !l->keyfile) || (l->keyfile && !l->certfile)) {
hlog(LOG_ERR, "Uplink %s: Only one of sslkey and sslcert defined - both needed for SSL authentication", l->name);
hlog(LOG_ERR, "Uplink %s: Only one of tlskey and tlscert defined - both needed for TLS authentication", l->name);
return -2;
}
/* todo: allow triggering SSL without client auth */
/* todo: allow triggering TLS without client auth */
if (l->keyfile && l->certfile) {
if (!l->ssl) {
if (config_uplink_ssl_setup(l)) {
hlog(LOG_ERR, "Uplink '%s': SSL setup failed", l->name);
hlog(LOG_ERR, "Uplink '%s': TLS setup failed", l->name);
return -2;
}
}
@ -667,7 +667,7 @@ connerr:
l->state = UPLINK_ST_CONNECTED;
/* set up SSL if necessary */
/* set up TLS if necessary */
#ifdef USE_SSL
if (l->ssl) {
if (ssl_create_connection(l->ssl, c, 1))
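Review bot: The rewritten message in config_uplink_ssl_setup keeps the pre-existing typo "certificatess"; since the line is being touched anyway, it should become `hlog(LOG_ERR, "Uplink '%s': Failed to load TLS certificates", l->name);`. The `%s*` pattern a few lines above in the same function ("Failed to create TLS context for '%s*'") looks like a stray asterisk rather than intended output — worth confirming against the listener-side message, which has the same shape. The last hunk (after `connerr:`) is cut off at the hunk boundary, so the ssl_create_connection error path is not visible here.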


@ -1561,7 +1561,7 @@ static void collect_new_clients(struct worker_t *self)
#endif
#ifdef USE_SSL
if (c->ssl_con) {
hlog(LOG_DEBUG, "collect_new_clients(worker %d): fd %d uses SSL", self->id, c->fd);
hlog(LOG_DEBUG, "collect_new_clients(worker %d): fd %d uses TLS", self->id, c->fd);
c->handler_client_readable = &ssl_readable;
c->handler_client_writable = &ssl_writable;
c->write = &ssl_client_write;
@ -1825,12 +1825,12 @@ void worker_thread(struct worker_t *self)
if (self->shutting_down == 2) {
/* live upgrade: must free all UDP client structs - we need to close the UDP listener fd. */
/* Must also disconnect all SSL clients - the SSL crypto state cannot be moved over. */
/* Must also disconnect all TLS clients - the TLS crypto state cannot be moved over. */
struct client_t *c, *next;
for (c = self->clients; (c); c = next) {
next = c->next;
#ifdef USE_SSL
/* SSL client? */
/* TLS client? */
if (c->ssl_con) {
client_close(self, c, CLIOK_THREAD_SHUTDOWN);
continue;