2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright 2005 Nokia. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 #include "ssl_local.h"
14 const char *SSL_state_string_long(const SSL *s)
16 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
18 if (sc == NULL || ossl_statem_in_error(sc))
21 switch (SSL_get_state(s)) {
22 case TLS_ST_CR_CERT_STATUS:
23 return "SSLv3/TLS read certificate status";
24 case TLS_ST_CW_NEXT_PROTO:
25 return "SSLv3/TLS write next proto";
26 case TLS_ST_SR_NEXT_PROTO:
27 return "SSLv3/TLS read next proto";
28 case TLS_ST_SW_CERT_STATUS:
29 return "SSLv3/TLS write certificate status";
31 return "before SSL initialization";
33 return "SSL negotiation finished successfully";
34 case TLS_ST_CW_CLNT_HELLO:
35 return "SSLv3/TLS write client hello";
36 case TLS_ST_CR_SRVR_HELLO:
37 return "SSLv3/TLS read server hello";
39 return "SSLv3/TLS read server certificate";
40 case TLS_ST_CR_KEY_EXCH:
41 return "SSLv3/TLS read server key exchange";
42 case TLS_ST_CR_CERT_REQ:
43 return "SSLv3/TLS read server certificate request";
44 case TLS_ST_CR_SESSION_TICKET:
45 return "SSLv3/TLS read server session ticket";
46 case TLS_ST_CR_SRVR_DONE:
47 return "SSLv3/TLS read server done";
49 return "SSLv3/TLS write client certificate";
50 case TLS_ST_CW_KEY_EXCH:
51 return "SSLv3/TLS write client key exchange";
52 case TLS_ST_CW_CERT_VRFY:
53 return "SSLv3/TLS write certificate verify";
54 case TLS_ST_CW_CHANGE:
55 case TLS_ST_SW_CHANGE:
56 return "SSLv3/TLS write change cipher spec";
57 case TLS_ST_CW_FINISHED:
58 case TLS_ST_SW_FINISHED:
59 return "SSLv3/TLS write finished";
60 case TLS_ST_CR_CHANGE:
61 case TLS_ST_SR_CHANGE:
62 return "SSLv3/TLS read change cipher spec";
63 case TLS_ST_CR_FINISHED:
64 case TLS_ST_SR_FINISHED:
65 return "SSLv3/TLS read finished";
66 case TLS_ST_SR_CLNT_HELLO:
67 return "SSLv3/TLS read client hello";
68 case TLS_ST_SW_HELLO_REQ:
69 return "SSLv3/TLS write hello request";
70 case TLS_ST_SW_SRVR_HELLO:
71 return "SSLv3/TLS write server hello";
73 return "SSLv3/TLS write certificate";
74 case TLS_ST_SW_KEY_EXCH:
75 return "SSLv3/TLS write key exchange";
76 case TLS_ST_SW_CERT_REQ:
77 return "SSLv3/TLS write certificate request";
78 case TLS_ST_SW_SESSION_TICKET:
79 return "SSLv3/TLS write session ticket";
80 case TLS_ST_SW_SRVR_DONE:
81 return "SSLv3/TLS write server done";
83 return "SSLv3/TLS read client certificate";
84 case TLS_ST_SR_KEY_EXCH:
85 return "SSLv3/TLS read client key exchange";
86 case TLS_ST_SR_CERT_VRFY:
87 return "SSLv3/TLS read certificate verify";
88 case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
89 return "DTLS1 read hello verify request";
90 case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
91 return "DTLS1 write hello verify request";
92 case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
93 return "TLSv1.3 write encrypted extensions";
94 case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
95 return "TLSv1.3 read encrypted extensions";
96 case TLS_ST_CR_CERT_VRFY:
97 return "TLSv1.3 read server certificate verify";
98 case TLS_ST_SW_CERT_VRFY:
99 return "TLSv1.3 write server certificate verify";
100 case TLS_ST_CR_HELLO_REQ:
101 return "SSLv3/TLS read hello request";
102 case TLS_ST_SW_KEY_UPDATE:
103 return "TLSv1.3 write server key update";
104 case TLS_ST_CW_KEY_UPDATE:
105 return "TLSv1.3 write client key update";
106 case TLS_ST_SR_KEY_UPDATE:
107 return "TLSv1.3 read client key update";
108 case TLS_ST_CR_KEY_UPDATE:
109 return "TLSv1.3 read server key update";
110 case TLS_ST_EARLY_DATA:
111 return "TLSv1.3 early data";
112 case TLS_ST_PENDING_EARLY_DATA_END:
113 return "TLSv1.3 pending early data end";
114 case TLS_ST_CW_END_OF_EARLY_DATA:
115 return "TLSv1.3 write end of early data";
116 case TLS_ST_SR_END_OF_EARLY_DATA:
117 return "TLSv1.3 read end of early data";
119 return "unknown state";
123 const char *SSL_state_string(const SSL *s)
125 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
127 if (sc == NULL || ossl_statem_in_error(sc))
130 switch (SSL_get_state(s)) {
131 case TLS_ST_SR_NEXT_PROTO:
133 case TLS_ST_SW_SESSION_TICKET:
135 case TLS_ST_SW_CERT_STATUS:
137 case TLS_ST_CR_CERT_STATUS:
139 case TLS_ST_CR_SESSION_TICKET:
141 case TLS_ST_CW_NEXT_PROTO:
147 case TLS_ST_CW_CLNT_HELLO:
149 case TLS_ST_CR_SRVR_HELLO:
153 case TLS_ST_CR_KEY_EXCH:
155 case TLS_ST_CR_CERT_REQ:
157 case TLS_ST_CR_SRVR_DONE:
161 case TLS_ST_CW_KEY_EXCH:
163 case TLS_ST_CW_CERT_VRFY:
165 case TLS_ST_SW_CHANGE:
166 case TLS_ST_CW_CHANGE:
168 case TLS_ST_SW_FINISHED:
169 case TLS_ST_CW_FINISHED:
171 case TLS_ST_SR_CHANGE:
172 case TLS_ST_CR_CHANGE:
174 case TLS_ST_SR_FINISHED:
175 case TLS_ST_CR_FINISHED:
177 case TLS_ST_SW_HELLO_REQ:
179 case TLS_ST_SR_CLNT_HELLO:
181 case TLS_ST_SW_SRVR_HELLO:
185 case TLS_ST_SW_KEY_EXCH:
187 case TLS_ST_SW_CERT_REQ:
189 case TLS_ST_SW_SRVR_DONE:
193 case TLS_ST_SR_KEY_EXCH:
195 case TLS_ST_SR_CERT_VRFY:
197 case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
199 case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
201 case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
203 case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
205 case TLS_ST_CR_CERT_VRFY:
207 case TLS_ST_SW_CERT_VRFY:
209 case TLS_ST_CR_HELLO_REQ:
211 case TLS_ST_SW_KEY_UPDATE:
213 case TLS_ST_CW_KEY_UPDATE:
215 case TLS_ST_SR_KEY_UPDATE:
217 case TLS_ST_CR_KEY_UPDATE:
219 case TLS_ST_EARLY_DATA:
221 case TLS_ST_PENDING_EARLY_DATA_END:
223 case TLS_ST_CW_END_OF_EARLY_DATA:
225 case TLS_ST_SR_END_OF_EARLY_DATA:
232 const char *SSL_alert_type_string_long(int value)
234 switch (value >> 8) {
235 case SSL3_AL_WARNING:
244 const char *SSL_alert_type_string(int value)
246 switch (value >> 8) {
247 case SSL3_AL_WARNING:
256 const char *SSL_alert_desc_string(int value)
258 switch (value & 0xff) {
259 case SSL3_AD_CLOSE_NOTIFY:
261 case SSL3_AD_UNEXPECTED_MESSAGE:
263 case SSL3_AD_BAD_RECORD_MAC:
265 case SSL3_AD_DECOMPRESSION_FAILURE:
267 case SSL3_AD_HANDSHAKE_FAILURE:
269 case SSL3_AD_NO_CERTIFICATE:
271 case SSL3_AD_BAD_CERTIFICATE:
273 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
275 case SSL3_AD_CERTIFICATE_REVOKED:
277 case SSL3_AD_CERTIFICATE_EXPIRED:
279 case SSL3_AD_CERTIFICATE_UNKNOWN:
281 case SSL3_AD_ILLEGAL_PARAMETER:
283 case TLS1_AD_DECRYPTION_FAILED:
285 case TLS1_AD_RECORD_OVERFLOW:
287 case TLS1_AD_UNKNOWN_CA:
289 case TLS1_AD_ACCESS_DENIED:
291 case TLS1_AD_DECODE_ERROR:
293 case TLS1_AD_DECRYPT_ERROR:
295 case TLS1_AD_EXPORT_RESTRICTION:
297 case TLS1_AD_PROTOCOL_VERSION:
299 case TLS1_AD_INSUFFICIENT_SECURITY:
301 case TLS1_AD_INTERNAL_ERROR:
303 case TLS1_AD_USER_CANCELLED:
305 case TLS1_AD_NO_RENEGOTIATION:
307 case TLS1_AD_UNSUPPORTED_EXTENSION:
309 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
311 case TLS1_AD_UNRECOGNIZED_NAME:
313 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
315 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
317 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
324 const char *SSL_alert_desc_string_long(int value)
326 switch (value & 0xff) {
327 case SSL3_AD_CLOSE_NOTIFY:
328 return "close notify";
329 case SSL3_AD_UNEXPECTED_MESSAGE:
330 return "unexpected_message";
331 case SSL3_AD_BAD_RECORD_MAC:
332 return "bad record mac";
333 case SSL3_AD_DECOMPRESSION_FAILURE:
334 return "decompression failure";
335 case SSL3_AD_HANDSHAKE_FAILURE:
336 return "handshake failure";
337 case SSL3_AD_NO_CERTIFICATE:
338 return "no certificate";
339 case SSL3_AD_BAD_CERTIFICATE:
340 return "bad certificate";
341 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
342 return "unsupported certificate";
343 case SSL3_AD_CERTIFICATE_REVOKED:
344 return "certificate revoked";
345 case SSL3_AD_CERTIFICATE_EXPIRED:
346 return "certificate expired";
347 case SSL3_AD_CERTIFICATE_UNKNOWN:
348 return "certificate unknown";
349 case SSL3_AD_ILLEGAL_PARAMETER:
350 return "illegal parameter";
351 case TLS1_AD_DECRYPTION_FAILED:
352 return "decryption failed";
353 case TLS1_AD_RECORD_OVERFLOW:
354 return "record overflow";
355 case TLS1_AD_UNKNOWN_CA:
357 case TLS1_AD_ACCESS_DENIED:
358 return "access denied";
359 case TLS1_AD_DECODE_ERROR:
360 return "decode error";
361 case TLS1_AD_DECRYPT_ERROR:
362 return "decrypt error";
363 case TLS1_AD_EXPORT_RESTRICTION:
364 return "export restriction";
365 case TLS1_AD_PROTOCOL_VERSION:
366 return "protocol version";
367 case TLS1_AD_INSUFFICIENT_SECURITY:
368 return "insufficient security";
369 case TLS1_AD_INTERNAL_ERROR:
370 return "internal error";
371 case TLS1_AD_USER_CANCELLED:
372 return "user canceled";
373 case TLS1_AD_NO_RENEGOTIATION:
374 return "no renegotiation";
375 case TLS1_AD_UNSUPPORTED_EXTENSION:
376 return "unsupported extension";
377 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
378 return "certificate unobtainable";
379 case TLS1_AD_UNRECOGNIZED_NAME:
380 return "unrecognized name";
381 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
382 return "bad certificate status response";
383 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
384 return "bad certificate hash value";
385 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
386 return "unknown PSK identity";
387 case TLS1_AD_NO_APPLICATION_PROTOCOL:
388 return "no application protocol";