Committer: Miika Komu <miika@xxxxxx> Date: 11/05/2010 at 10:02:17 Revision: 4479 Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Removed unnecessary cruft, including: * old wireshark patches (hip patch is already in vanilla wireshark) * test thingies (manual says now to use nc6 instead of conntest stuff) * old openwrt stuff * old dht stuff Renamed and relocated files to be more consistent: * binary packaging start up scripts * firewall config file The changes depended on .bzrignore, Makefiles, manual, HACKING and spec files, so I followed the trail of changes also there. Tested: * make all * make deb * make dist Note: there is no "test" binary package anymore because it was empty! Modified: D doc/openwrt/ D doc/openwrt/FoneraHack/ D doc/openwrt/FoneraHack/dropbear.html D doc/openwrt/FoneraHack/enableSSH.html D doc/openwrt/FoneraHack/lafonera.pdf D doc/openwrt/Page-Background.png D doc/openwrt/index.html D doc/openwrt/openwrt-hipl.pdf D patches/misc/ D patches/opendht/bamboo-orig-cvs-2006-03-03-ipv6-luxiaopeng.diff D patches/opendht/bamboo_changes_TO_ipv4-20060303_FOR_fedora-script.diff D patches/opendht/bamboo_changes_TO_ipv6-20080612_FOR_fedora-script.diff D patches/opendht/bamboo_diff_FROM_ipv4-20060303_TO_ipv6-20080612.diff D patches/opendht/bamboo_fix_TO_ipv4-20060303_FOR_assertion.diff D patches/opendht/bamboo_fix_TO_ipv6-20080612_FOR_assertion.diff D patches/opendht/how-to-steps D patches/tcpdump/tcpdump-4.0.0-hip.01.patch D patches/tcpdump/tcpdump-4.0.0-hip.02.patch D patches/tcpdump/tcpdump-4.0.0-hip.03.patch D patches/tcpdump/tcpdump-4.0.0-hip.beta.patch D patches/wireshark/wireshark-1.1.0-hip-midauth-updated.patch D patches/wireshark/wireshark-1.1.0-hip-midauth.patch D patches/wireshark/wireshark-1.1.0-hip-updated.patch D patches/wireshark/wireshark-1.1.0-hip.patch D patches/wireshark/wireshark-1.1.0-i3-hi3.patch D patches/wireshark/wireshark-1.1.2-hip.patch D test/cleanincludesforgraph.py D test/conntest-client-hip.c D test/conntest-client-opp.c D test/conntest-server.c D test/conntest.c D test/cookietest.c D test/csum.cgi D test/docbook2doxygen.pl D test/graphviz_script.sh D test/handovers.sh D test/hashtest.c D test/keygentest.c D test/listtest.c D test/pingtest.sh D test/sqliteteststub.c D test/subst-gpl.sh A packaging/debian-init.d/ A packaging/fedora-init.d/ R packaging/debian-init.d-dnsproxy => packaging/debian-init.d/dnsproxy R packaging/debian-init.d-hipd => packaging/debian-init.d/hipd R packaging/debian-init.d-hipfw => packaging/debian-init.d/hipfw R packaging/rh-init.d-dnsproxy => packaging/fedora-init.d/dnsproxy R packaging/rh-init.d-hipd => packaging/fedora-init.d/hipd R packaging/rh-init.d-hipfw => packaging/fedora-init.d/hipfw R patches/openwrt/ => packaging/openwrt/ R patches/wireshark/README.about.version-1.1.0 => patches/wireshark/README R tools/build-maemo.sh => packaging/build-maemo.sh R tools/esp_prot_config.cfg => firewall/esp_prot_config.cfg M .bzrignore M Makefile.am M doc/HACKING M doc/HOWTO.xml M packaging/hipl-deb.spec M packaging/hipl-rpm.spec M packaging/openwrt/package/Makefile M test/certteststub.c M patches/wireshark/README === modified file '.bzrignore' --- .bzrignore 2010-04-17 11:18:23 +0000 +++ .bzrignore 2010-05-11 07:02:11 +0000 @@ -54,23 +54,9 @@ tags test/auth_performance test/certteststub -test/conntest-client-hip -test/conntest-client-native -test/conntest-client-native-user-key -test/conntest-client-opp -test/conntest-server -test/conntest-server-native -test/cookietest test/dh_performance test/dhtteststub -test/first_test -test/hashtest test/hc_performance -test/hipsetup -test/keygentest -test/listtest -test/opendhtteststub -test/sqliteteststub tools/hipconf tools/hipdnskeyparse tools/hipdnsproxy === modified file 'Makefile.am' --- Makefile.am 2010-05-09 13:09:02 +0000 +++ Makefile.am 2010-05-11 07:02:11 +0000 @@ -23,18 +23,7 @@ ### user programs ### bin_PROGRAMS = test/auth_performance \ test/certteststub \ - test/conntest-client-opp \ - test/conntest-client-hip \ - test/conntest-server \ - test/cookietest \ - test/hashtest \ - test/hc_performance \ - test/keygentest \ - test/listtest - -if HIP_AGENT -bin_PROGRAMS += test/sqliteteststub -endif + test/hc_performance if HIP_DHT bin_PROGRAMS += test/dhtteststub @@ -88,26 +77,11 @@ endif -### source declarations ### -test_conntest_client_hip_SOURCES = test/conntest-client-hip.c \ - test/conntest.c - -test_conntest_client_opp_SOURCES = test/conntest-client-opp.c \ - test/conntest.c - -test_conntest_server_SOURCES = test/conntest-server.c \ - test/conntest.c - test_auth_performance_SOURCES = test/auth_performance.c test_certteststub_SOURCES = test/certteststub.c -test_cookietest_SOURCES = test/cookietest.c test_dh_performance_SOURCES = test/dh_performance.c test_dhtteststub_SOURCES = test/dhtteststub.c -test_hashtest_SOURCES = test/hashtest.c test_hc_performance_SOURCES = test/hc_performance.c -test_keygentest_SOURCES = test/keygentest.c -test_listtest_SOURCES = test/listtest.c -test_sqliteteststub_SOURCES = test/sqliteteststub.c tools_hipconf_SOURCES = tools/hipconf.c tools_pisacert_SOURCES = tools/pisacert.c @@ -363,16 +337,9 @@ hipd_hipd_LDADD = lib/core/libhipcore.la test_auth_performance_LDADD = lib/core/libhipcore.la test_certteststub_LDADD = lib/core/libhipcore.la -test_conntest_client_hip_LDADD = lib/core/libhipcore.la -test_conntest_client_opp_LDADD = lib/core/libhipcore.la -test_conntest_server_LDADD = lib/core/libhipcore.la -test_cookietest_LDADD = lib/core/libhipcore.la test_dh_performance_LDADD = lib/core/libhipcore.la test_dhtteststub_LDADD = lib/core/libhipcore.la -test_hashtest_LDADD = lib/core/libhipcore.la test_hc_performance_LDADD = lib/core/libhipcore.la -test_keygentest_LDADD = lib/core/libhipcore.la -test_sqliteteststub_LDADD = lib/core/libhipcore.la tools_hipconf_LDADD = lib/core/libhipcore.la tools_pisacert_LDADD = lib/core/libhipcore.la === modified file 'doc/HACKING' --- doc/HACKING 2010-05-09 13:09:02 +0000 +++ doc/HACKING 2010-05-11 07:02:11 +0000 @@ -1212,33 +1212,13 @@ 2. Applications --------------- -Test with conntest-server BOTH tcp and udp: - -* conntest-client-gai peer_host_name_that_maps_to_hit_in_hosts -* conntest-client-gai peer_host_name_that_maps_to_hit_in_opendht -* conntest-client-gai peer_hostname_without_hit_map -* conntest-client-gai hit-in-hosts -* conntest-client-gai hit-in-broadcast -* conntest-client-gai hit-in-opendht -* conntest-client-gai ipv6-addr -* conntest-client ipv4-addr -* conntest-client ipv6-addr -* conntest-client ipv4_of_non_hip_host -* conntest-client ipv6_of_non_hip_host -* conntest-client peer_hit - Applications: * ping6 HIT -* hipconf run normal firefox -* hipconf run normal firefox + use www proxy -* hipconf run normal ssh peer_host_name_that_maps_to_hit -* hipconf run opp firefox -* hipconf run normal iperf -V hit -* hipconf run opp iperf ipv4-addr -* hipconf run opp iperf -V ipv6-addr - -* hi3 support? +* nc6 HIT +* nc LSI +* use dnsproxy to obtain HITs from DNS or DHT +* hipconf run opp nc/nc6 (both client & server side) 3. Base Exchange ---------------- === modified file 'doc/HOWTO.xml' --- doc/HOWTO.xml 2010-05-09 12:30:33 +0000 +++ doc/HOWTO.xml 2010-05-11 07:02:11 +0000 @@ -980,9 +980,6 @@ $(INSTALL_DATA) ./files/hipfw.init $(1)/etc/init.d/hipfw $(INSTALL_DATA) ./files/hipl.modules $(1)/etc/modules.d/35-hipl $(INSTALL_DATA) ./files/test/* $(1)/etc/init.d/test/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/conntest* $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/hipsetup* $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/listifaces* $(1)/usr/bin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/* $(1)/usr/sbin/ endif </programlisting> @@ -1678,7 +1675,7 @@ </table> <para> - The servers are running public http service and respond to ICMPv4 and ICMPv6. They are not running "conntest-server" software as described elsewhere in this document. + The servers are running public http service and respond to ICMPv4 and ICMPv6. </para> <para>To use access the servers using HIP behind a NAT box, you @@ -1728,10 +1725,9 @@ <section id="ipv6_appl"> <title>Testing a HIP connection with an IPv6 application</title> <para> You can test HIP with any networking application, but in this - section we will demonstrate few development-oriented test - applications.</para> - <para> You should run conntest-client-hip and conntest-server with root privileges - if conntest-server port number is less than 1024.</para> + section we will demonstrate few command line applications.</para> + <para> You should run nc6 with root privileges at the server side + if the port number is less than 1024.</para> <para>In this section we will use ipv6 addresses, but you can use also ipv4 addresses. Furthermore, the use of hipfw is optional.</para> <para> @@ -1748,7 +1744,7 @@ hipd/hipd # (to start as a background daemon process, add -b flag) </para></listitem> <listitem><para> - conntest-server tcp 1111 + nc6 -l -p 1111 </para></listitem> </itemizedlist> <para> @@ -1781,10 +1777,10 @@ hipd/hipd </para></listitem> <listitem><para> - conntest-client-hip oops tcp 1111 + nc6 oops 1111 </para></listitem> <listitem><para> - ;<Type some text in crash, press enter and ctrl+d and you + ;<Type some text in crash, press enter and you should see some text appearing in the output of the hosts> </para></listitem> </itemizedlist> @@ -2723,8 +2719,8 @@ "hipconf dht get <hostname|HIT>". </para></listitem> <listitem><para> - To test, just run normally conntest-server - and conntest-client-hip between hosts. You would see messages + To test, just run normally nc6 + between the two hosts. You would see messages from hipd and conntest showing DNS->HIT->IP lookups. Everything should work without additional actions. </para></listitem> @@ -3138,9 +3134,7 @@ <abstract> <para> In this section, we show how to use the rendezvous server to establish - a HIP connection between two HIP hosts using the "<emphasis>conntest-server</emphasis>" - connection test server and the "<emphasis>conntest-client-hip</emphasis>" connection - test client. + a HIP connection between two HIP hosts using nc6. </para> </abstract> <section id="sec_rvs_prelim"> @@ -3268,11 +3262,11 @@ <listitem><para> At the responder, start a server listening for incoming connections (5000 is an example port number): - <programlisting>conntest-server tcp 5000</programlisting> + <programlisting>nc6 -l -p 5000</programlisting> </para></listitem> <listitem><para> - At the initiator, start a connection test client: - <programlisting>conntest-client-hip <RESPONDER-HOSTNAME> tcp 5000</programlisting> + At the initiator, start a client: + <programlisting>nc6 <RESPONDER-HOSTNAME> 5000</programlisting> </para></listitem> <listitem><para> At the initiator, type some text and press <command>CTRL + d</command>. If everything @@ -3402,9 +3396,7 @@ <abstract> <para> In this section, we show how to use the relay server to establish a - HIP connection between two HIP hosts using the - "<emphasis>conntest-server</emphasis>" connection test server and the - "<emphasis>conntest-client-hip</emphasis>" connection test client. + HIP connection between two HIP hosts using nc6. </para> </abstract> <section id="sec_relay_prelim"> @@ -3441,9 +3433,7 @@ </para> <para> In this section, we show how to use the HIP relay server to establish a - HIP connection between two HIP hosts using the "<emphasis>conntest-server</emphasis>" - connection test server and the "<emphasis>conntest-client-hip</emphasis>" connection - test client. + HIP connection between two HIP hosts using nc6. </para> <mediaobject> <imageobject> @@ -3502,17 +3492,17 @@ At the responder, start a server listening for incoming connections (5000 is an example port number): <programlisting> - conntest-server tcp 5000 + nc6 -l -p 5000 </programlisting> </para></listitem> <listitem><para> At the initiator, start a connection test client: <programlisting> - conntest-client-hip <RESPONDER-HOSTNAME> tcp 5000 + nc6 <RESPONDER-HOSTNAME> 5000 </programlisting> </para></listitem> <listitem><para> - At the initiator, type some text and press <command>CTRL + d</command>. If everything + At the initiator, type some text and press enter. If everything works as it should, the typed text should now be echoed at the responder. </para></listitem> @@ -3949,7 +3939,7 @@ has not been implemented yet. </para> <para>If you have problems in even getting I1 triggered using NAT code - e.g. with conntest-client-hip (occurred on 2.6.16.5), you may have + e.g. with nc6 (occurred on 2.6.16.5 kernel version), you may have to specify the source HIT explicitly. The procedure to initiate a connection behind NAT is as follows: </para> @@ -4653,7 +4643,7 @@ </para></listitem> <listitem><para> Wait until the trigger is inserted (see log file) and continue with e.g. - ping6 or conntest-client-hip with testing. + ping6 or nc6 with testing. </para></listitem> </itemizedlist> === removed directory 'doc/openwrt' === removed directory 'doc/openwrt/FoneraHack' === added directory 'packaging/debian-init.d' === added directory 'packaging/fedora-init.d' === modified file 'packaging/hipl-deb.spec' --- packaging/hipl-deb.spec 2010-05-04 20:58:15 +0000 +++ packaging/hipl-deb.spec 2010-05-11 07:02:11 +0000 @@ -21,7 +21,7 @@ HIP for Linux (HIPL) is an implementation of a HIP implementation that consists of the key and mobility management daemon. It includes also -other related tools and test software. +other related tools. %prep %setup @@ -70,7 +70,7 @@ %package all Summary: HIPL software bundle: HIP for Linux libraries, daemons and documentation Group: System Environment/Kernel -Requires: hipl-lib, hipl-firewall, hipl-daemon, hipl-agent, hipl-tools, hipl-test, hipl-doc, hipl-dnsproxy +Requires: hipl-lib, hipl-firewall, hipl-daemon, hipl-agent, hipl-tools, hipl-doc, hipl-dnsproxy %description all %package minimal @@ -103,12 +103,6 @@ Group: System Environment/Kernel %description firewall -%package test -Requires: hipl-daemon -Summary: netcat-like command line tools with built-in HIP support for developers -Group: System Environment/Kernel -%description test - %package doc Summary: documentation for HIP for Linux Group: System Environment/Kernel @@ -137,9 +131,9 @@ install -d %{buildroot}/etc/init.d install -d %{buildroot}/doc make DESTDIR=%{buildroot} install -install -m 755 packaging/debian-init.d-hipfw %{buildroot}/etc/init.d/hipfw -install -m 755 packaging/debian-init.d-hipd %{buildroot}/etc/init.d/hipd -install -m 755 packaging/debian-init.d-dnsproxy %{buildroot}/etc/init.d/hipdnsproxy +install -m 755 packaging/debian-init.d/hipfw %{buildroot}/etc/init.d/hipfw +install -m 755 packaging/debian-init.d/hipd %{buildroot}/etc/init.d/hipd +install -m 755 packaging/debian-init.d/dnsproxy %{buildroot}/etc/init.d/hipdnsproxy install -m 644 doc/HOWTO.txt %{buildroot}/doc install -d %{buildroot}/usr/lib/python2.6/dist-packages/DNS install -t %{buildroot}/usr/lib/python2.6/dist-packages/DNS tools/hipdnsproxy/DNS/*py* @@ -208,11 +202,6 @@ /usr/sbin/nsupdate.pl %defattr(755,root,root) -%files test -/usr/bin/conntest-client-opp -/usr/bin/conntest-client-hip -/usr/bin/conntest-server - %files firewall /usr/sbin/hipfw %config /etc/init.d/hipfw === modified file 'packaging/hipl-rpm.spec' --- packaging/hipl-rpm.spec 2010-05-04 20:58:15 +0000 +++ packaging/hipl-rpm.spec 2010-05-11 07:02:11 +0000 @@ -22,7 +22,7 @@ HIP for Linux (HIPL) is an implementation of a HIP implementation that consists of the key and mobility management daemon. It includes also -other related tools and test software. +other related tools. %prep %setup @@ -54,7 +54,7 @@ %package all Summary: Full HIPL software bundle. This virtual package is suitable e.g. for client machines. Group: System Environment/Kernel -Requires: hipl-lib hipl-firewall hipl-daemon hipl-agent hipl-tools hipl-test hipl-doc hipl-dnsproxy +Requires: hipl-lib hipl-firewall hipl-daemon hipl-agent hipl-tools hipl-doc hipl-dnsproxy %description all %package minimal @@ -87,12 +87,6 @@ Group: System Environment/Kernel %description firewall -%package test -Requires: hipl-lib hipl-daemon -Summary: netcat-like command line tools with built-in HIP support for developers -Group: System Environment/Kernel -%description test - %package doc Summary: documentation for HIP for Linux Group: System Environment/Kernel @@ -125,9 +119,9 @@ install -d %{buildroot}/etc/rc.d/init.d install -d %{buildroot}/doc make DESTDIR=%{buildroot} install -install -m 755 packaging/rh-init.d-hipfw %{buildroot}/etc/rc.d/init.d/hipfw -install -m 755 packaging/rh-init.d-hipd %{buildroot}/etc/rc.d/init.d/hipd -install -m 755 packaging/rh-init.d-dnsproxy %{buildroot}/etc/rc.d/init.d/hipdnsproxy +install -m 755 packaging/fedora-init.d/hipfw %{buildroot}/etc/rc.d/init.d/hipfw +install -m 755 packaging/fedora-init.d/hipd %{buildroot}/etc/rc.d/init.d/hipd +install -m 755 packaging/fedora-init.d/dnsproxy %{buildroot}/etc/rc.d/init.d/hipdnsproxy install -m 644 doc/HOWTO.txt %{buildroot}/doc install -d %{buildroot}%{python_sitelib}/DNS install -t %{buildroot}%{python_sitelib}/DNS tools/hipdnsproxy/DNS/*py* @@ -231,11 +225,6 @@ %{prefix}/sbin/nsupdate.pl %defattr(755,root,root) -%files test -%{prefix}/bin/conntest-client-opp -%{prefix}/bin/conntest-client-hip -%{prefix}/bin/conntest-server - %files firewall %{prefix}/sbin/hipfw %config /etc/rc.d/init.d/hipfw === renamed directory 'patches/openwrt' => 'packaging/openwrt' === modified file 'packaging/openwrt/package/Makefile' --- patches/openwrt/package/Makefile 2010-05-03 16:43:45 +0000 +++ packaging/openwrt/package/Makefile 2010-05-11 07:02:11 +0000 @@ -64,18 +64,6 @@ The scripts for running the hipproxy. endef -define Package/hipl-test - SECTION:=net - CATEGORY:=Network - DEPENDS:=+hipl-hipd - TITLE:=HIPL testing application - URL:=http://hipl.hiit.fi/ -endef - -define Package/hipl-test/description - Some applications and configs needed for testing HIPL. -endef - define Package/hipl-common SECTION:=net CATEGORY:=Network @@ -139,14 +127,6 @@ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/hipdnsproxy $(1)/usr/sbin/ endef -define Package/hipl-test/install - $(INSTALL_DIR) $(1)/etc/hip/test/ - $(INSTALL_DIR) $(1)/usr/bin/ - - $(INSTALL_BIN) ./files/test/* $(1)/etc/hip/test/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/conntest* $(1)/usr/bin/ -endef - define Package/hipl-common/install $(INSTALL_DIR) $(1)/etc/hip/ $(INSTALL_DIR) $(1)/etc/modules.d/ @@ -167,4 +147,3 @@ $(eval $(call BuildPackage,hipl-hipfw)) $(eval $(call BuildPackage,hipl-hipconf)) $(eval $(call BuildPackage,hipl-hipproxy)) -$(eval $(call BuildPackage,hipl-test)) === removed directory 'patches/misc' === modified file 'test/certteststub.c' --- test/certteststub.c 2010-04-13 15:47:28 +0000 +++ test/certteststub.c 2010-05-11 07:02:11 +0000 @@ -25,80 +25,6 @@ #include "lib/core/debug.h" #include "lib/core/certtools.h" -/** - * compression_test - Function that takes len bytes of data in orig pointer and - * then compresses (using Zlib) it and uncompresses it and compares it to the - * original. The lengths of the original and compressed data are printed - * - * @param orig is a pointer to the char table containing the data to be compressed - * @param len is the length of the data to be compressed - * - * @return void - * - * @note this is just a test function for the certteststub and not very usefull for - * anything else unless modified - */ -static void compression_test(unsigned char *orig, int len) -{ - unsigned char original[1024]; - unsigned char compressed[1024]; - unsigned char uncompressed[1024]; - int return_value = 0; - uLongf compressed_buf_length = 0; - uLongf uncompressed_buf_length = 0; - - HIP_DEBUG("Testing Zlib compression on the data\n"); - memset(&compressed, '\0', sizeof(compressed)); - memset(&uncompressed, '0', sizeof(uncompressed)); - memcpy(original, orig, len); - - compressed_buf_length = sizeof(compressed); - - return_value = compress2((Bytef *) compressed,&compressed_buf_length, - (Bytef *) &original, (uLong) len, - Z_BEST_COMPRESSION); - - if (return_value == Z_OK) { - HIP_DEBUG("Compression was succesfull\n"); - } - - if (return_value == Z_BUF_ERROR) { - HIP_DEBUG("Compression was NOT succesfull (given buffer is too small)\n"); - } - if (return_value == Z_MEM_ERROR) { - HIP_DEBUG("Compression was NOT succesfull (not enough memory)\n"); - } - - uncompressed_buf_length = sizeof(uncompressed); - - /* compressed_buf_length contains used buffer length after compress */ - HIP_DEBUG("Uncompressed data length: %d\n" - "Compressed data length: %d\n", - len, compressed_buf_length); - - return_value = uncompress((Bytef *) uncompressed, &uncompressed_buf_length, - (Bytef *) compressed, - (uLong) compressed_buf_length); - - if (return_value == Z_OK) { - HIP_DEBUG("Uncompression was succesfull\n"); - } - - if (return_value == Z_BUF_ERROR) { - HIP_DEBUG("Uncompression was NOT succesfull (given buffer is too small)\n"); - } - if (return_value == Z_MEM_ERROR) { - HIP_DEBUG("Uncompression was NOT succesfull (not enough memory)\n"); - } - - if (memcmp(original, uncompressed, len) == 0) { - HIP_DEBUG("Uncompressed data did match the original\n\n"); - } else { - HIP_DEBUG("Uncompressed data did NOT match the original\n\n"); - } - - return; -} int main(int argc, char *argv[]) { @@ -203,8 +129,6 @@ certificate, strlen(certificate)); - compression_test((unsigned char *) certificate, strlen(certificate)); - HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1, "Failed to construct the hip_cert_spki_info from certificate\n"); @@ -251,8 +175,6 @@ hip_cert_free_conf(conf); len = hip_cert_x509v3_request_certificate(defhit, der_cert); - compression_test(der_cert, len); - /** Now send it back for the verification */ HIP_IFEL(((err = hip_cert_x509v3_request_verification(der_cert, len)) < 0), -1, "Failed to verify a certificate\n");