X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Ft1_trce.c;h=b96f532e5a892373e12f3bc7c22add25100d2d5f;hb=a37008d90fc4d2bd31a747aebdaf59eaa4e6efaf;hp=e99a2ceca852f6349b01f6566dc7492bd7ebe5a7;hpb=fa64210a88a90277aa499fd1616102e5f11967be;p=openssl.git diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index e99a2ceca8..b96f532e5a 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -85,6 +85,7 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_SERVER_HELLO, "ServerHello"}, {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, + {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, {SSL3_MT_HELLO_RETRY_REQUEST, "HelloRetryRequest"}, {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, {SSL3_MT_CERTIFICATE, "Certificate"}, @@ -97,7 +98,11 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, {SSL3_MT_FINISHED, "Finished"}, {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, - {SSL3_MT_KEY_UPDATE, "KeyUpdate"} + {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, +# ifndef OPENSSL_NO_NEXTPROTONEG + {SSL3_MT_NEXT_PROTO, "NextProto"}, +# endif + {SSL3_MT_MESSAGE_HASH, "MessageHash"} }; /* Cipher suites */ @@ -475,7 +480,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, {TLSEXT_TYPE_padding, "padding"}, {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, - {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} + {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, + {TLSEXT_TYPE_early_data, "early_data"} }; static ssl_trace_tbl ssl_groups_tbl[] = { @@ -680,6 +686,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, { size_t xlen, share_len; unsigned int sigalg; + uint32_t max_early_data; BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", @@ -830,6 +837,17 @@ static int ssl_print_extension(BIO *bio, int indent, int server, return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_psk_kex_modes_tbl); + case TLSEXT_TYPE_early_data: + if (mt != SSL3_MT_NEWSESSION_TICKET) + break; + if (extlen != 4) + return 0; + max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) + | ext[3]; + BIO_indent(bio, indent + 2, 80); + BIO_printf(bio, "max_early_data=%u\n", max_early_data); + break; + default: BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); } @@ -979,6 +997,29 @@ static int ssl_print_server_hello(BIO *bio, int indent, return 1; } +static int ssl_print_hello_retry_request(BIO *bio, int indent, + const unsigned char *msg, + size_t msglen) +{ + unsigned int cs; + + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) + return 0; + + cs = (msg[0] << 8) | msg[1]; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg += 2; + msglen -= 2; + + if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_HELLO_RETRY_REQUEST, &msg, + &msglen)) + return 0; + + return 1; +} + static int ssl_get_keyex(const char **pname, SSL *ssl) { unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; @@ -1409,11 +1450,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server, break; case SSL3_MT_HELLO_RETRY_REQUEST: - if (!ssl_print_version(bio, indent + 2, "server_version", &msg, &msglen, - NULL) - || !ssl_print_extensions(bio, indent + 2, 1, - SSL3_MT_HELLO_RETRY_REQUEST, &msg, - &msglen)) + if (!ssl_print_hello_retry_request(bio, indent + 2, msg, msglen)) return 0; break;