Diffstat (limited to 'src/tls_remote.c')
-rw-r--r--src/tls_remote.c69
1 files changed, 35 insertions, 34 deletions
diff --git a/src/tls_remote.c b/src/tls_remote.c
index 7986077..fd72033 100644
--- a/src/tls_remote.c
+++ b/src/tls_remote.c
@@ -13,18 +13,19 @@
#include "tls_errors.h"
#include "ucspissl.h"
-/** @file tls_remote.c -- TLS client functions
- @brief connection functions: tls_conn, tls_exit;
- verification functions: tls_certkey, tls_checkpeer, tls_fingerprint, tlsa_check;
- tls_destination, tls_domaincert
- dummy functions: tls_crlcheck
-
- tls_checkpeer: r = 0 -> ADH, r = 1 -> wildcard DN, r = 2 -> DN, r = 3 -> CA; r < 0 -> error
- tls_fingerprint: r = 0 -> failed, r = 1 -> ok; r < 0 -> error
- tlsa_check: r = 0 -> nothing, r = usage + 1, r < 0 -> error
+/**
+ @file tls_remote.c -- TLS client functions
+ @brief connection functions: tls_conn, tls_exit;
+ verification functions: tls_certkey, tls_checkpeer, tls_fingerprint, tlsa_check;
+ tls_destination, tls_domaincert
+ dummy functions: tls_crlcheck
+
+ tls_checkpeer: r = 0 -> ADH, r = 1 -> wildcard DN, r = 2 -> DN, r = 3 -> CA; r < 0 -> error
+ tls_fingerprint: r = 0 -> failed, r = 1 -> ok; r < 0 -> error
+ tlsa_check: r = 0 -> nothing, r = usage + 1, r < 0 -> error
*/
-/* Caution: OpenSSL's X509_pubkey_digest() does not work as expected.
+/* Caution: OpenSSL's X509_pubkey_digest() does not work as expected.
I've included now: X509_pkey_digest() and X509_cert_digest() (as makro) */
#define X509_cert_digest X509_digest
@@ -126,7 +127,6 @@ int tls_checkpeer(SSL *ssl, X509 *cert, const stralloc host, const int flag, con
int tls_checkcrl(SSL *ssl) // not implemented yet
{
-
return 0;
}
@@ -144,11 +144,12 @@ int dig_ascii(char *digascii, const char *digest, const int len)
return (2 * j); // 2*len
}
-/* X509_pkey_digest() takes the same args as X509_digest();
- however returning the correct hash of pubkey in md.
- Subjects keys are restricted to 2048 byte in size.
- Return codes: 1: sucess, 0: failed. */
-
+/*
+ X509_pkey_digest() takes the same args as X509_digest();
+ however returning the correct hash of pubkey in md.
+ Subjects keys are restricted to 2048 byte in size.
+ Return codes: 1: sucess, 0: failed.
+*/
int X509_pkey_digest(const X509 *cert, const EVP_MD *type, unsigned char *md, unsigned int *dlen)
{
unsigned int len = 0;
@@ -171,10 +172,11 @@ int X509_pkey_digest(const X509 *cert, const EVP_MD *type, unsigned char *md, un
return 1;
}
-/* Return codes: -4: no X.509 cert (fatal), -3: matching error (deferred),
- -2: unsupported type, -1: weird TLSA record
- 0: No X.509 cert; seen: usage++; */
-
+/*
+ Return codes: -4: no X.509 cert (fatal), -3: matching error (deferred),
+ -2: unsupported type, -1: weird TLSA record
+ 0: No X.509 cert; seen: usage++;
+*/
int tlsa_check(const STACK_OF(X509) * certs, const stralloc host, const unsigned long p)
{
const EVP_MD *methodsha256 = EVP_sha256();
@@ -201,8 +203,7 @@ int tlsa_check(const STACK_OF(X509) * certs, const stralloc host, const unsigned
if (!stralloc_cats(&sa, "._tcp.")) temp_nomem();
if (!stralloc_cats(&sa, host.s)) temp_nomem();
- if (dns_cname(&cn, &sa) > 0) // query name could be a cname
- {
+ if (dns_cname(&cn, &sa) > 0) { // query name could be a cname
if (dns_tlsa(&out, &cn) <= 0) return 0;
} else {
if (dns_tlsa(&out, &sa) <= 0) return 0;
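Review bot: Neither the CNAME branch nor the direct branch of this lookup shows whether dns_tlsa() returns only DNSSEC-validated (AD) answers, and a TLSA RRset that is not authenticated gives DANE no value: an attacker who can spoof DNS could then supply a TLSA record matching their own certificate. If that guarantee lives inside dns_tlsa(), a one-line comment above the lookup, e.g. `/* dns_tlsa() must return records only when the RRset is DNSSEC-validated (AD set) */`, would make the dependency visible here; if it does not, an insecure answer should be treated as "no TLSA" (the `return 0` path) rather than used for matching. If I read RFC 7672 §3.2.3 correctly, it also expects a TLSA lookup at the original name when the CNAME-expanded name yields none, whereas this branch returns 0 straight away — worth confirming against the RFC. tlsa_check() starts and ends outside this hunk.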
@@ -211,7 +212,7 @@ int tlsa_check(const STACK_OF(X509) * certs, const stralloc host, const unsigned
/* https://www.openssl.org/docs/man3.0/man3/X509_digest.html (1.1.1):
"The len parameter, if not NULL, points to a place where the digest size will be stored."
- [sigh]
+ [sigh]
*/
do {
@@ -228,8 +229,9 @@ int tlsa_check(const STACK_OF(X509) * certs, const stralloc host, const unsigned
} else if (type == 2) {
if (selector == 0) r = X509_cert_digest(cert, methodsha512, digest, &dlen);
if (selector == 1) r = X509_pkey_digest(cert, methodsha512, digest, &dlen);
- } else
+ } else {
return -2;
+ }
if (!byte_diff(digest, dlen, out.s + i + 3)) return ++usage;
}
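Review bot: The digest result `r` from X509_cert_digest()/X509_pkey_digest() on the two lines above the reformatted `} else {` is never checked before `if (!byte_diff(digest, dlen, out.s + i + 3)) return ++usage;` compares it against the TLSA data; if the digest call fails, `digest` and `dlen` keep whatever they held before, and with `dlen == 0` byte_diff() reports equality, so the record would be counted as a match. I would add `if (r != 1) return -3;` (or skip to the next record, whichever the enclosing loop intends) immediately before the comparison, since -3 is already the documented "matching error (deferred)" code. Nothing in this hunk bounds `dlen` against the record's own data length either, so a short record would be read past its end and a longer one only prefix-compared — worth confirming that the length check exists in the part of the loop outside the hunk. tlsa_check() starts and ends outside this hunk.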
@@ -271,23 +273,22 @@ int tls_fingerprint(X509 *cert, const char *fingerprint, int dlen)
int tls_exit(SSL *ssl)
{
if (SSL_shutdown(ssl) == 0) SSL_shutdown(ssl);
-
return 0;
}
-/** @brief tls_destination
- @param stralloc hostname (maybe 0-terminated)
+/**
+ @brief tls_destination
+ @param stralloc hostname (maybe 0-terminated)
Certificate Fallthru
- @return values: | ADH | Cert *DN FQDN Hash | noTLSA noTLS
- ----------+-----+--------------------+-------------
- optional TLS | 1 | 3 - - - | - 9
- mandatory TLS | 2 | 4 5 6 7 | 8
-
- no TLS -1
- */
+ @return values: | ADH | Cert *DN FQDN Hash | noTLSA noTLS
+ ----------+-----+--------------------+-------------
+ optional TLS | 1 | 3 - - - | - 9
+ mandatory TLS | 2 | 4 5 6 7 | 8
+ no TLS -1
+*/
int tls_destination(const stralloc hostname)
{
int i;