Streamlined TLS debugging output
authorMartin Willi <martin@revosec.ch>
Fri, 20 Aug 2010 13:52:06 +0000 (15:52 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 23 Aug 2010 07:45:33 +0000 (09:45 +0200)
src/libtls/tls_peer.c
src/libtls/tls_server.c

index 01adc6c94f92f730a8c286bdbce6dc1ed2ee3c06..1bba3b28870a60df24ad06b26ab95441ee3c0388 100644 (file)
@@ -130,19 +130,19 @@ static status_t process_server_hello(private_tls_peer_t *this,
 
        memcpy(this->server_random, random.ptr, sizeof(this->server_random));
 
-       DBG1(DBG_IKE, "received TLS version: %N", tls_version_names, version);
        if (version < this->tls->get_version(this->tls))
        {
                this->tls->set_version(this->tls, version);
        }
-
        suite = cipher;
-       DBG1(DBG_IKE, "received TLS cipher suite: %N", tls_cipher_suite_names, suite);
        if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1))
        {
-               DBG1(DBG_IKE, "received TLS cipher suite inacceptable");
+               DBG1(DBG_IKE, "received TLS cipher suite %N inacceptable",
+                        tls_cipher_suite_names, suite);
                return FAILED;
        }
+       DBG1(DBG_IKE, "negotiated TLS version %N with suite %N",
+                tls_version_names, version, tls_cipher_suite_names, suite);
        this->state = STATE_HELLO_RECEIVED;
        return NEED_MORE;
 }
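Review bot: The new `negotiated TLS version %N with suite %N` message in process_server_hello prints the peer-supplied `version`, not the version in effect. The context lines only call set_version() when `version` is lower than the local one, so a hello carrying a higher value would be logged as negotiated while the local version is kept. Passing `this->tls->get_version(this->tls)` as the version argument would make the log match the effective state; the identical message added to process_client_hello in tls_server.c has the same issue. Since the `received TLS version` line is removed, keeping the raw offered value at DBG2 would leave a version mismatch or downgrade visible to whoever reads the logs. The function begins outside the hunk.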
@@ -245,12 +245,12 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader)
                                                                          CERT_X509, KEY_ANY, id, TRUE);
                if (cert)
                {
-                       DBG1(DBG_IKE, "received cert request for '%Y", id);
+                       DBG1(DBG_IKE, "received TLS cert request for '%Y", id);
                        this->peer_auth->add(this->peer_auth, AUTH_RULE_CA_CERT, cert);
                }
                else
                {
-                       DBG1(DBG_IKE, "received cert request for unknown CA '%Y'", id);
+                       DBG1(DBG_IKE, "received TLS cert request for unknown CA '%Y'", id);
                }
                id->destroy(id);
        }
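Review bot: The format string on the added line in the `if (cert)` branch still has an unbalanced quote, `'%Y`, while the `else` branch uses `'%Y'`; suggest `DBG1(DBG_IKE, "received TLS cert request for '%Y'", id);`. The identity is presumably parsed from the peer's certificate request, so a consistently delimited value keeps the two messages unambiguous for log parsing and alerting. process_certreq starts and ends outside the hunk.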
@@ -375,7 +375,6 @@ static status_t send_client_hello(private_tls_peer_t *this,
 
        /* TLS version */
        version = this->tls->get_version(this->tls);
-       DBG1(DBG_IKE, "sending TLS version: %N", tls_version_names, version);
        writer->write_uint16(writer, version);
        writer->write_data(writer, chunk_from_thing(this->client_random));
 
index 8ff306b240580cd369a04e8f4dab4634f63d1426..763afc99df71b411a2cbac945de485d2949fa00d 100644 (file)
@@ -137,7 +137,6 @@ static status_t process_client_hello(private_tls_server_t *this,
 
        memcpy(this->client_random, random.ptr, sizeof(this->client_random));
 
-       DBG1(DBG_IKE, "received TLS version: %N", tls_version_names, version);
        if (version < this->tls->get_version(this->tls))
        {
                this->tls->set_version(this->tls, version);
@@ -154,9 +153,11 @@ static status_t process_client_hello(private_tls_server_t *this,
        this->suite = this->crypto->select_cipher_suite(this->crypto, suites, count);
        if (!this->suite)
        {
-               DBG1(DBG_IKE, "received cipher suite inacceptable");
+               DBG1(DBG_IKE, "received cipher suites inacceptable");
                return FAILED;
        }
+       DBG1(DBG_IKE, "negotiated TLS version %N with suite %N",
+                tls_version_names, version, tls_cipher_suite_names, this->suite);
        this->state = STATE_HELLO_RECEIVED;
        return NEED_MORE;
 }
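Review bot: On the failure path the only remaining record is `received cipher suites inacceptable`, which no longer says what the client offered now that the `received TLS version` line earlier in process_client_hello is gone. A rejected hello is the case an operator most needs context for, so consider carrying the version in the message, e.g. `DBG1(DBG_IKE, "received cipher suites inacceptable for TLS version %N", tls_version_names, version);`. Logging the offered suites themselves at a higher debug level would help further, but the parsing of `suites` and `count` is outside this hunk, so that is left as a suggestion.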
@@ -402,7 +403,6 @@ static status_t send_server_hello(private_tls_server_t *this,
 
        /* TLS version */
        version = this->tls->get_version(this->tls);
-       DBG1(DBG_IKE, "sending TLS version: %N", tls_version_names, version);
        writer->write_uint16(writer, version);
        writer->write_data(writer, chunk_from_thing(this->server_random));
 
@@ -410,8 +410,8 @@ static status_t send_server_hello(private_tls_server_t *this,
        writer->write_data8(writer, chunk_empty);
 
        /* add selected TLS cipher suite */
-       DBG1(DBG_IKE, "sending TLS cipher suite: %N", tls_cipher_suite_names,
-                                                                                                 this->suite);
+       DBG2(DBG_IKE, "sending TLS cipher suite: %N",
+                tls_cipher_suite_names, this->suite);
        writer->write_uint16(writer, this->suite);
 
        /* NULL compression only */
@@ -510,6 +510,7 @@ static status_t send_certificate_request(private_tls_server_t *this,
                if (x509->get_flags(x509) & X509_CA)
                {
                        id = cert->get_subject(cert);
+                       DBG1(DBG_IKE, "sending TLS cert request for '%Y'", id);
                        authorities->write_data16(authorities, id->get_encoding(id));
                }
        }
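Review bot: The added `sending TLS cert request for '%Y'` line is at level 1 and appears to sit inside an enumeration over trusted certificates (the loop header is outside the hunk), so each handshake would emit one line per CA. Handshakes can be started by peers that have not yet authenticated, so default-level log volume would scale with trust-store size times connection attempts. Consider `DBG2(DBG_IKE, "sending TLS cert request for '%Y'", id);`, matching the level this commit gives to `sending TLS cipher suite`.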