authorthiagoftsm <49162938+thiagoftsm@users.noreply.github.com>2019-06-06 16:58:34 +0000
committerGitHub <noreply@github.com>2019-06-06 16:58:34 +0000
commit7039044be96ee82058768d98865b992b100a294a (patch)
tree1ecb27d98eda67c0928130efe7a43b774ce33719 /libnetdata
parent3b72bed2a5d42ad1f22f18b573a937a8f2e40e42 (diff)
SSL_fix_format Fix wrong format used with SSL! (#6219)
* SSL_fix_format Fix wrong format used with SSL! * SSL_fix_format Remove unnecessary space! * SSL_fix_format fixing last requests! * SSL_fix_format fixing spaces! * SSL_fix_format killing spaces!
Diffstat (limited to 'libnetdata')
-rw-r--r--libnetdata/socket/security.c59
-rw-r--r--libnetdata/socket/socket.c18
2 files changed, 38 insertions, 39 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index 936fefd338..b21692b241 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -12,8 +12,8 @@ int netdata_validate_server = NETDATA_SSL_VALID_CERTIFICATE;
static void security_info_callback(const SSL *ssl, int where, int ret) {
(void)ssl;
- if ( where & SSL_CB_ALERT ) {
- debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s",SSL_alert_type_string( ret ),SSL_alert_desc_string_long(ret));
+ if (where & SSL_CB_ALERT) {
+ debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret));
}
}
@@ -30,28 +30,28 @@ void security_openssl_library()
SSL_library_init();
#else
- if ( OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG,NULL) != 1 ){
+ if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) {
error("SSL library cannot be initialized.");
}
#endif
}
-void security_openssl_common_options(SSL_CTX *ctx){
+void security_openssl_common_options(SSL_CTX *ctx) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
static char *ciphers = {"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"};
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_options (ctx,SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
#else
- SSL_CTX_set_min_proto_version(ctx,TLS1_2_VERSION);
+ SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
//We are avoiding the TLS v1.3 for while, because Google Chrome
//is giving the message net::ERR_SSL_VERSION_INTERFERENCE with it.
- SSL_CTX_set_max_proto_version(ctx,TLS1_2_VERSION);
+ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
#endif
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- if (!SSL_CTX_set_cipher_list(ctx,ciphers) ){
+ if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
error("SSL error. cannot set the cipher list");
}
#endif
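Review bot: `static char *ciphers` on the `OPENSSL_VERSION_NUMBER >= 0x10100000L` branch points at a string literal, so it should be declared `static const char *const ciphers = "<cipher list unchanged>";` (the braces around the literal are also unnecessary). The failure path of `SSL_CTX_set_cipher_list` only logs, so the context carries on with OpenSSL's default cipher list rather than the hardened one; since the function is void and the return values of `SSL_CTX_set_min_proto_version`/`SSL_CTX_set_max_proto_version` are discarded as well, callers have no way to refuse to start TLS when the hardening was not applied — an `int` return code fed by those three calls would fix that. `SSL_OP_NO_COMPRESSION` is only set on the pre-1.1.0 branch; newer OpenSSL disables compression by default as far as I know, but applying the option on both branches documents the intent. security_openssl_common_options continues past the hunk, and the hunk opens inside security_openssl_library.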
@@ -71,7 +71,7 @@ static SSL_CTX * security_initialize_openssl_client() {
return ctx;
}
-static SSL_CTX * security_initialize_openssl_server(){
+static SSL_CTX * security_initialize_openssl_server() {
SSL_CTX *ctx;
char lerror[512];
static int netdata_id_context = 1;
@@ -79,7 +79,7 @@ static SSL_CTX * security_initialize_openssl_server(){
//TO DO: Confirm the necessity to check return for other OPENSSL function
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx = SSL_CTX_new(SSLv23_server_method());
- if ( !ctx ) {
+ if (!ctx) {
error("Cannot create a new SSL context, netdata won't encrypt communication");
return NULL;
}
@@ -87,18 +87,18 @@ static SSL_CTX * security_initialize_openssl_server(){
SSL_CTX_use_certificate_file(ctx, security_cert, SSL_FILETYPE_PEM);
#else
ctx = SSL_CTX_new(TLS_server_method());
- if ( !ctx ){
+ if (!ctx) {
error("Cannot create a new SSL context, netdata won't encrypt communication");
return NULL;
}
- SSL_CTX_use_certificate_chain_file(ctx, security_cert );
+ SSL_CTX_use_certificate_chain_file(ctx, security_cert);
#endif
security_openssl_common_options(ctx);
SSL_CTX_use_PrivateKey_file(ctx,security_key,SSL_FILETYPE_PEM);
- if ( !SSL_CTX_check_private_key(ctx) ){
+ if (!SSL_CTX_check_private_key(ctx)) {
ERR_error_string_n(ERR_get_error(),lerror,sizeof(lerror));
error("SSL cannot check the private key: %s",lerror);
SSL_CTX_free(ctx);
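Review bot: The return values of `SSL_CTX_use_certificate_file`, `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file` are still discarded, so a missing or unreadable certificate or key is only reported indirectly when `SSL_CTX_check_private_key` fails later, with a message that blames the key. Each load should be checked the way the private-key check already is, so the log names the file that actually failed and the context is freed on that path; the `TO DO` comment at the top of this function asks for exactly this. security_initialize_openssl_server starts and ends outside the hunk.
```c
    ctx = SSL_CTX_new(TLS_server_method());
    // … unchanged: NULL check on ctx …
    if (SSL_CTX_use_certificate_chain_file(ctx, security_cert) != 1) {
        ERR_error_string_n(ERR_get_error(), lerror, sizeof(lerror));
        error("SSL cannot load the certificate %s: %s", security_cert, lerror);
        SSL_CTX_free(ctx);
        return NULL;
    }
#endif
    security_openssl_common_options(ctx);
    if (SSL_CTX_use_PrivateKey_file(ctx, security_key, SSL_FILETYPE_PEM) != 1) {
        ERR_error_string_n(ERR_get_error(), lerror, sizeof(lerror));
        error("SSL cannot load the private key %s: %s", security_key, lerror);
        SSL_CTX_free(ctx);
        return NULL;
    }
    // … unchanged: SSL_CTX_check_private_key check …
```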
@@ -116,10 +116,10 @@ static SSL_CTX * security_initialize_openssl_server(){
return ctx;
}
-void security_start_ssl(int type){
- if ( !type){
+void security_start_ssl(int type) {
+ if (!type) {
struct stat statbuf;
- if ( (stat(security_key,&statbuf)) || (stat(security_cert,&statbuf)) ){
+ if (stat(security_key,&statbuf) || stat(security_cert,&statbuf)) {
info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
return;
}
@@ -131,13 +131,13 @@ void security_start_ssl(int type){
}
}
-void security_clean_openssl(){
- if ( netdata_srv_ctx )
+void security_clean_openssl() {
+ if (netdata_srv_ctx)
{
SSL_CTX_free(netdata_srv_ctx);
}
- if ( netdata_cli_ctx )
+ if (netdata_cli_ctx)
{
SSL_CTX_free(netdata_cli_ctx);
}
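Review bot: `SSL_CTX_free(netdata_srv_ctx)` leaves the global pointing at freed memory, so any later use of the context, or a second call to security_clean_openssl, becomes a use-after-free or double free; reset each pointer right after freeing, `SSL_CTX_free(netdata_srv_ctx); netdata_srv_ctx = NULL;` and likewise for `netdata_cli_ctx`. `SSL_CTX_free` accepts NULL, so the surrounding `if` guards can then go. The function's closing brace is outside the hunk.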
@@ -161,12 +161,12 @@ int security_process_accept(SSL *ssl,int msg) {
switch(sslerrno) {
case SSL_ERROR_WANT_READ:
{
- error("SSL handshake did not finish and it wanna read on socket %d!",sock);
+ error("SSL handshake did not finish and it wanna read on socket %d!", sock);
return NETDATA_SSL_WANT_READ;
}
case SSL_ERROR_WANT_WRITE:
{
- error("SSL handshake did not finish and it wanna read on socket %d!",sock);
+ error("SSL handshake did not finish and it wanna read on socket %d!", sock);
return NETDATA_SSL_WANT_WRITE;
}
case SSL_ERROR_NONE:
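Review bot: The message in the `SSL_ERROR_WANT_WRITE` case still says "wanna read", copied from the `SSL_ERROR_WANT_READ` case just above it, so the log cannot tell the two handshake states apart; change it to `error("SSL handshake did not finish and it wanna write on socket %d!", sock);`. security_process_accept starts and ends outside the hunk.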
@@ -177,28 +177,28 @@ int security_process_accept(SSL *ssl,int msg) {
u_long err;
char buf[256];
int counter = 0;
- while ((err = ERR_get_error()) != 0){
+ while ((err = ERR_get_error()) != 0) {
ERR_error_string_n(err, buf, sizeof(buf));
- info("%d SSL Handshake error (%s) on socket %d ",counter++,ERR_error_string((long)SSL_get_error(ssl,test),NULL),sock);
+ info("%d SSL Handshake error (%s) on socket %d ", counter++, ERR_error_string((long)SSL_get_error(ssl, test), NULL), sock);
}
return NETDATA_SSL_NO_HANDSHAKE;
}
}
}
- if ( SSL_is_init_finished(ssl) )
+ if (SSL_is_init_finished(ssl))
{
- debug(D_WEB_CLIENT_ACCESS,"SSL Handshake finished %s errno %d on socket fd %d",ERR_error_string((long)SSL_get_error(ssl,test),NULL),errno,sock);
+ debug(D_WEB_CLIENT_ACCESS,"SSL Handshake finished %s errno %d on socket fd %d", ERR_error_string((long)SSL_get_error(ssl, test), NULL), errno, sock);
}
return 0;
}
-int security_test_certificate(SSL *ssl){
+int security_test_certificate(SSL *ssl) {
X509* cert = SSL_get_peer_certificate(ssl);
int ret;
long status;
- if (!cert){
+ if (!cert) {
return -1;
}
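Review bot: In the `while ((err = ERR_get_error()) != 0)` loop, `buf` is filled by `ERR_error_string_n(err, buf, sizeof(buf))` but never printed; the `info()` call instead formats `SSL_get_error(ssl, test)`, which returns an `SSL_ERROR_*` code rather than an error-queue value, so `ERR_error_string` yields a meaningless description and, given a NULL buffer, writes into a static buffer that is not thread-safe. Print the buffer that was just filled: `info("%d SSL Handshake error (%s) on socket %d ", counter++, buf, sock);`. The `debug()` call after `SSL_is_init_finished` has the same `ERR_error_string((long)SSL_get_error(ssl, test), NULL)` pattern and should be fixed the same way. security_process_accept begins outside the hunk and security_test_certificate continues past it.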
@@ -206,11 +206,10 @@ int security_test_certificate(SSL *ssl){
if((X509_V_OK != status))
{
char error[512];
- ERR_error_string_n(ERR_get_error(),error,sizeof(error));
- error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s",status,error);
+ ERR_error_string_n(ERR_get_error(), error, sizeof(error));
+ error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s", status, error);
ret = -1;
- }
- else {
+ } else {
ret = 0;
}
return ret;
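Review bot: The local `char error[512]` shadows the `error()` logging call on the next line, which presumably only compiles because `error` is a macro; rename the buffer, e.g. `char errstr[512];` / `ERR_error_string_n(ERR_get_error(), errstr, sizeof(errstr));` / `error("SSL RFC4158 check: ... %ld and message %s", status, errstr);`. A verification failure from `SSL_get_verify_result` is not necessarily on the error queue, so `X509_verify_cert_error_string(status)` is the reliable way to describe `status`. The `X509 *cert` obtained from `SSL_get_peer_certificate` in the previous hunk must be released with `X509_free(cert)` before `return ret;`; the lines between the two hunks are not visible here, so confirm that happens. security_test_certificate starts outside this hunk.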
diff --git a/libnetdata/socket/socket.c b/libnetdata/socket/socket.c
index 37a4f23d44..31a2e12da3 100644
--- a/libnetdata/socket/socket.c
+++ b/libnetdata/socket/socket.c
@@ -301,13 +301,13 @@ void listen_sockets_close(LISTEN_SOCKETS *sockets) {
sockets->failed = 0;
}
-WEB_CLIENT_ACL socket_ssl_acl(char *ssl){
+WEB_CLIENT_ACL socket_ssl_acl(char *ssl) {
#ifdef ENABLE_HTTPS
- if (!strcmp(ssl,"optional")){
+ if (!strcmp(ssl,"optional")) {
netdata_use_ssl_on_http = NETDATA_SSL_OPTIONAL;
return WEB_CLIENT_ACL_DASHBOARD | WEB_CLIENT_ACL_REGISTRY | WEB_CLIENT_ACL_BADGE | WEB_CLIENT_ACL_MGMT | WEB_CLIENT_ACL_NETDATACONF | WEB_CLIENT_ACL_STREAMING;
}
- else if (!strcmp(ssl,"force")){
+ else if (!strcmp(ssl,"force")) {
netdata_use_ssl_on_stream = NETDATA_SSL_FORCE;
return WEB_CLIENT_ACL_DASHBOARD | WEB_CLIENT_ACL_REGISTRY | WEB_CLIENT_ACL_BADGE | WEB_CLIENT_ACL_MGMT | WEB_CLIENT_ACL_NETDATACONF | WEB_CLIENT_ACL_STREAMING;
}
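Review bot: The `"optional"` branch sets `netdata_use_ssl_on_http` while the `"force"` branch sets `netdata_use_ssl_on_stream`, and both return the identical ACL mask, so the two keywords act on different subsystems although the syntax reads as two strengths of one switch; if that is intended, a comment on each branch naming the listener it governs would stop the next reader from "fixing" it, otherwise `"force"` likely also needs `netdata_use_ssl_on_http = NETDATA_SSL_FORCE;`. The repeated `WEB_CLIENT_ACL_DASHBOARD | ... | WEB_CLIENT_ACL_STREAMING` expression could be one named constant. socket_ssl_acl continues past the hunk.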
@@ -318,9 +318,9 @@ WEB_CLIENT_ACL socket_ssl_acl(char *ssl){
WEB_CLIENT_ACL read_acl(char *st) {
char *ssl = strchr(st,'^');
- if (ssl){
+ if (ssl) {
ssl++;
- if ( !strncmp("SSL=",ssl,4)){
+ if (!strncmp("SSL=",ssl,4)) {
ssl += 4;
}
socket_ssl_acl(ssl);
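Review bot: The return value of `socket_ssl_acl(ssl)` is discarded, so the call is made only for its effect on the `netdata_use_ssl_*` globals while the ACL it computes is dropped; if that is intended, say so with a comment such as `// called for its SSL-mode side effect only; the ACL mask is built from the rest of the string below`, otherwise fold the result into the returned ACL. Note also that when `^` is the last character of `st`, `ssl` is an empty string after `ssl++` and no mode is selected silently. read_acl continues past the hunk.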
@@ -883,8 +883,8 @@ ssize_t recv_timeout(int sockfd, void *buf, size_t len, int flags, int timeout)
}
#ifdef ENABLE_HTTPS
- if (ssl->conn){
- if (!ssl->flags){
+ if (ssl->conn) {
+ if (!ssl->flags) {
return SSL_read(ssl->conn,buf,len);
}
}
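Review bot: When `ssl->conn` is set but `ssl->flags` is non-zero, both `recv_timeout` and `send_timeout` (the next hunk) fall out of the `#ifdef ENABLE_HTTPS` block and, presumably, onto the plain `recv`/`send` below, so a connection that has a TLS object attached but is in a flagged state is read and written in cleartext on the same socket; if `flags` marks an unfinished or failed handshake, the fall-through should return an error rather than silently bypass TLS — confirm against the meaning of `ssl->flags`, which is not visible here. Separately, `SSL_read(ssl->conn, buf, len)` and `SSL_write(ssl->conn, buf, len)` pass a `size_t` where OpenSSL takes an `int`, so a large `len` is silently narrowed; clamp it, e.g. `return SSL_read(ssl->conn, buf, len > INT_MAX ? INT_MAX : (int)len);`. Both functions start and end outside their hunks.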
@@ -926,8 +926,8 @@ ssize_t send_timeout(int sockfd, void *buf, size_t len, int flags, int timeout)
}
#ifdef ENABLE_HTTPS
- if(ssl->conn){
- if (!ssl->flags){
+ if(ssl->conn) {
+ if (!ssl->flags) {
return SSL_write(ssl->conn, buf, len);
}
}