do_ssl_trace_list(bio, indent, msg, msglen, value, \
table, sizeof(table)/sizeof(ssl_trace_tbl))
-
static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
{
size_t i;
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{DTLS1_VERSION, "DTLS 1.0"},
+ {DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
};
{23, "secp256r1 (P-256)"},
{24, "secp384r1 (P-384)"},
{25, "secp521r1 (P-521)"},
+ {26, "brainpoolP256r1"},
+ {27, "brainpoolP384r1"},
+ {28, "brainpoolP512r1"},
{0xFF01, "arbitrary_explicit_prime_curves"},
{0xFF02, "arbitrary_explicit_char2_curves"}
};
{
if (*pmsglen < 2)
return 0;
- if (TLS1_get_version(s) >= TLS1_2_VERSION)
+ if (SSL_USE_SIGALGS(s))
{
const unsigned char *p = *pmsg;
BIO_indent(bio, indent, 80);
return 1;
}
-static int ssl_print_client_hello(BIO *bio, int indent,
+static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
const unsigned char *msg, size_t msglen)
{
size_t len;
return 0;
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
return 0;
+ if (SSL_IS_DTLS(ssl))
+ {
+ if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+ return 0;
+ }
if (msglen < 2)
return 0;
len = (msg[0] << 8) | msg[1];
return 1;
}
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+ const unsigned char *msg, size_t msglen)
+ {
+ if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+ return 0;
+ if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+ return 0;
+ return 1;
+ }
+
static int ssl_print_server_hello(BIO *bio, int indent,
const unsigned char *msg, size_t msglen)
{
*pname = "krb5";
return SSL_kKRB5;
}
- if (alg_k & SSL_kEDH)
+ if (alg_k & SSL_kDHE)
{
- *pname = "edh";
- return SSL_kEDH;
+ *pname = "DHE";
+ return SSL_kDHE;
}
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
{
- *pname = "EECDH";
- return SSL_kEECDH;
+ *pname = "ECDHE";
+ return SSL_kECDHE;
}
if (alg_k & SSL_kECDHr)
{
{
case SSL_kRSA:
- if (!ssl_print_hexbuf(bio, indent + 2,
+ if (TLS1_get_version(ssl) == SSL3_VERSION)
+ {
+ ssl_print_hex(bio, indent + 2,
+ "EncyptedPreMasterSecret",
+ msg, msglen);
+ }
+ else
+ {
+ if (!ssl_print_hexbuf(bio, indent + 2,
"EncyptedPreMasterSecret", 2,
&msg, &msglen))
return 0;
+ }
break;
/* Implicit parameters only allowed for static DH */
BIO_puts(bio, "implicit\n");
break;
}
- case SSL_kEDH:
+ case SSL_kDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2,
&msg, &msglen))
return 0;
BIO_puts(bio, "implicit\n");
break;
}
- case SSL_kEECDH:
+ case SSL_kECDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1,
&msg, &msglen))
return 0;
return 0;
break;
- case SSL_kEDH:
+ case SSL_kDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2,
&msg, &msglen))
return 0;
return 0;
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
if (msglen < 1)
return 0;
BIO_indent(bio, indent + 2, 80);
return 0;
msg += xlen;
msglen -= xlen + 1;
- if (TLS1_get_version(s) < TLS1_2_VERSION)
+ if (!SSL_USE_SIGALGS(s))
goto skip_sig;
if (msglen < 2)
return 0;
nm = d2i_X509_NAME(NULL, &p, dlen);
if (!nm)
{
- BIO_puts(bio, "<UNPARESABLE DN>\n");
+ BIO_puts(bio, "<UNPARSEABLE DN>\n");
}
else
{
return 1;
}
+
static int ssl_print_handshake(BIO *bio, SSL *ssl,
const unsigned char *msg, size_t msglen,
int indent)
(int)hlen);
msg += 4;
msglen -= 4;
+ if (SSL_IS_DTLS(ssl))
+ {
+ if (msglen < 8)
+ return 0;
+ BIO_indent(bio, indent, 80);
+ BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+ "fragment_length=%d\n",
+ (msg[0] << 8) | msg[1],
+ (msg[2] << 16) | (msg[3] << 8) | msg[4],
+ (msg[5] << 16) | (msg[6] << 8) | msg[7]);
+ msg += 8;
+ msglen -= 8;
+ }
if (msglen < hlen)
return 0;
switch(htype)
{
case SSL3_MT_CLIENT_HELLO:
- if (!ssl_print_client_hello(bio, indent + 2, msg, msglen))
+ if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+ return 0;
+ break;
+
+ case DTLS1_MT_HELLO_VERIFY_REQUEST:
+ if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
return 0;
break;
msg, msglen);
return;
}
-
- BIO_printf(bio, "%s Record: Version = %s (0x%x)",
- write_p ? "Sent" : "Received",
- ssl_trace_str(version, ssl_version_tbl),
- version);
- BIO_printf(bio, " Length=%d\n", (int)msglen);
- BIO_printf(bio, " Content Type = %s (%d)\n",
- ssl_trace_str(content_type, ssl_content_tbl),
- content_type);
-
switch (content_type)
{
+ case SSL3_RT_HEADER:
+ {
+ int hvers = msg[1] << 8 | msg[2];
+ BIO_puts(bio, write_p ? "Sent" : "Received");
+ BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
+ ssl_trace_str(hvers, ssl_version_tbl), hvers);
+ if (SSL_IS_DTLS(ssl))
+ {
+ BIO_printf(bio,
+ " epoch=%d, sequence_number=%04x%04x%04x\n",
+ (msg[3] << 8 | msg[4]),
+ (msg[5] << 8 | msg[6]),
+ (msg[7] << 8 | msg[8]),
+ (msg[9] << 8 | msg[10]));
+#if 0
+ /* Just print handshake type so we can see what is
+ * going on during fragmentation.
+ */
+ BIO_printf(bio, "(%s)\n",
+ ssl_trace_str(msg[msglen], ssl_handshake_tbl));
+#endif
+ }
+
+ BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
+ ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+ msg[msglen - 2] << 8 | msg[msglen - 1]);
+ }
+ break;
case SSL3_RT_HANDSHAKE:
if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
BIO_printf(bio, "Message length parse error!\n");
projects / openssl.git / blobdiff