git.ipfire.org Git - thirdparty/openvpn.git/commit
Cleanup print_details and add signature/ED certificate print
author Arne Schwabe <arne@rfc2549.org>
Fri, 26 Mar 2021 17:57:50 +0000 (18:57 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 28 Mar 2021 09:39:04 +0000 (11:39 +0200)
commit a177388735566c3d7c3120860ceea71b81db5c34
tree e188f93358b8b35ad795c48e0c212a02f1d63d65
parent a0e844c892d6f67977bf8e9162cbc43a3f64ba46

This commit cleans up the logic in the function a bit. It also makes it
more clear that the details printed in the second part of the message are
details about the peer certificate and not the TLS connection as such.
Also print the signature algorithm as this might help to identify
peer certificates that still use SHA1.

The new format for TLS 1.3 and an EC certificate:

Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer
certificate: 384 bit EC, curve secp384r1, signature: ecdsa-with-SHA256

Using the more generic OpenSSL functions also allows us to correctly
print details about ED certificates:

Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer
certificate: 253 bit ED25519, signature: ED25519

Patch v2: Cleanup multiple calls to EVP_PKEY_id, minor code restructuring

Patch v3: Always initialise sig.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210326175750.4772-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21861.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ca57070630a1b2935ee606cc1309005b56eb925f)
src/openvpn/ssl_openssl.c
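
The log format described in the commit message can be audited for peer certificates that still carry a SHA1 signature. The following is an added example, not code from the OpenVPN project: it parses "Control Channel:" lines in the layout shown above and flags weak signature digests. The timestamps, the RSA line and the `RSA-SHA1` signature name in the sample are constructed assumptions; only the EC and ED25519 layouts come from the commit message.

```python
import re

# Field layout taken from the two sample lines in the commit message.
LINE_RE = re.compile(
    r"Control Channel: (?P<proto>[^,]+), cipher (?P<cipher>.+?), "
    r"peer certificate: (?P<bits>\d+) bit (?P<keytype>[^,]+)"
    r"(?:, curve (?P<curve>[^,]+))?, signature: (?P<sig>\S+)"
)
WEAK_DIGESTS = ("sha1", "md5")  # digests to flag in the signature name


def parse_control_channel(line):
    """Return the fields of a 'Control Channel:' line as a dict, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def weak_signature(fields):
    """True when the certificate signature name contains a deprecated digest.
    Only the signature field is checked, never the TLS cipher name."""
    sig = fields["sig"].lower().replace("-", "")
    return any(d in sig for d in WEAK_DIGESTS)


def audit(lines):
    """Return (line_number, signature) for each peer cert with a weak signature."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = parse_control_channel(line)
        if fields and weak_signature(fields):
            findings.append((n, fields["sig"]))
    return findings


# Constructed sample log. Lines 1-2 follow the commit message; line 3 is assumed.
SAMPLE_LOG = [
    "2021-03-28 11:40:01 Control Channel: TLSv1.3, cipher TLSv1.3 "
    "TLS_AES_256_GCM_SHA384, peer certificate: 384 bit EC, curve secp384r1, "
    "signature: ecdsa-with-SHA256",
    "2021-03-28 11:40:02 Control Channel: TLSv1.3, cipher TLSv1.3 "
    "TLS_AES_256_GCM_SHA384, peer certificate: 253 bit ED25519, signature: ED25519",
    "2021-03-28 11:40:03 Control Channel: TLSv1.2, cipher TLSv1.2 "
    "ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA1",
    "2021-03-28 11:40:04 Initialization Sequence Completed",
]

if __name__ == "__main__":
    for lineno, sig in audit(SAMPLE_LOG):
        print(f"line {lineno}: peer certificate signed with {sig}")
```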