print(STDERR logPrefix()."GOT ". "Code=".$code." $bodylen \n") if ($debug); #.$body;
my $hostname;
- parseRequest($body, \$hostname, \%errors, \%certs);
+ my $sslVersion = "-";
+ my $sslCipher = "-";
+ parseRequest($body, \$hostname, \$sslVersion, \$sslCipher, \%errors, \%certs);
print(STDERR logPrefix()."Parse result: \n") if ($debug);
print(STDERR logPrefix()."\tFOUND host:".$hostname."\n") if ($debug);
+ print(STDERR logPrefix()."\tFOUND ssl version:".$sslVersion."\n") if ($debug);
+ print(STDERR logPrefix()."\tFOUND ssl cipher:".$sslCipher."\n") if ($debug);
print(STDERR logPrefix()."\tFOUND ERRORS:") if ($debug);
foreach my $err (keys %errors) {
print(STDERR logPrefix().$errors{$err}{"name"}."/".$errors{$err}{"cert"}." ,") if ($debug);
{
my($request)=shift;
my $hostname = shift;
+ my $sslVersion = shift;
+ my $sslCipher = shift;
my $errors = shift;
my $certs = shift;
while ($request !~ /^\s*$/) {
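Review bot: The two new reference arguments are inserted in the middle of a positional `shift` list, ahead of `$errors` and `$certs`, and nothing on the sub documents the order. A caller that still passes the old four arguments would bind `\%errors` to `$sslVersion`; the call site shown in this patch is updated, but other callers, if any, are not visible here. I would add a header comment above the sub such as `# parseRequest($request, \$hostname, \$sslVersion, \$sslCipher, \%errors, \%certs)`, noting that the version and cipher references are left untouched when the request lacks those keys. The sub's header line and the rest of its body are outside this hunk.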
$$hostname = $host;
$request =~ s/^host=.*$//m;
}
+ if ($request =~ s/^proto_version=(.*?)$//m) {
+ $$sslVersion = $1;
+ }
+ if ($request =~ s/^cipher=(.*?)$//m) {
+ $$sslCipher = $1;
+ }
if ($request =~ /^cert_(\d+)=/) {
my $certId = "cert_".$1;
my($vallen) = index($request, "-----END CERTIFICATE-----") + length("-----END CERTIFICATE-----");
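Review bot: The `proto_version` and `cipher` captures use `(.*?)$` under `/m`, so they accept any bytes up to the line end (a trailing `\r` and control characters included) and can match on any remaining line of the request, not only at its head as the `cert_` check below does. The values then go to the caller and, with debugging on, straight to STDERR. The helper pipe is normally fed only by Squid, so this is hardening rather than a known flaw, but a validation helper is where these fields would later drive policy, so I would keep the substitution and validate the value before storing it: `my $v = $1;` followed by `$$sslVersion = $v if $v =~ /\A[\w.()-]+\z/;`, and the same for `$$sslCipher`. Copying `$1` first matters because the second match resets the capture variables. The enclosing `while` loop starts and ends outside this hunk.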
body += Ssl::CertValidationMsg::param_host + "=" + vcert.domainName;
STACK_OF(X509) *peerCerts = static_cast<STACK_OF(X509) *>(SSL_get_ex_data(vcert.ssl, ssl_ex_index_ssl_cert_chain));
+ if (const char *sslVersion = SSL_get_version(vcert.ssl))
+ body += "\n" + Ssl::CertValidationMsg::param_proto_version + "=" + sslVersion;
+
+ if (const char *cipherName = SSL_CIPHER_get_name(SSL_get_current_cipher(vcert.ssl)))
+ body += "\n" + Ssl::CertValidationMsg::param_cipher + "=" + cipherName;
+
if (!peerCerts)
peerCerts = SSL_get_peer_cert_chain(vcert.ssl);
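Review bot: The `if` around the cipher line never filters the "no cipher yet" case, because OpenSSL's `SSL_CIPHER_get_name()` returns the literal string "(NONE)" when handed a null cipher instead of returning a null pointer. If `SSL_get_current_cipher(vcert.ssl)` yields null at this point, the helper receives `cipher=(NONE)` and may treat it as a real cipher name. Testing the cipher pointer itself makes the intent explicit: `if (const SSL_CIPHER *cipher = SSL_get_current_cipher(vcert.ssl))` and then `body += "\n" + Ssl::CertValidationMsg::param_cipher + "=" + SSL_CIPHER_get_name(cipher);`. Separately, these two keys are new in the request that every certificate validation helper parses, so the helper interface documentation should say they are optional and appear between `host` and the certificates. The enclosing function starts and ends outside this hunk.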
const std::string Ssl::CertValidationMsg::param_error_name("error_name_");
const std::string Ssl::CertValidationMsg::param_error_reason("error_reason_");
const std::string Ssl::CertValidationMsg::param_error_cert("error_cert_");
-
+const std::string Ssl::CertValidationMsg::param_proto_version("proto_version");
+const std::string Ssl::CertValidationMsg::param_cipher("cipher");
static const std::string param_error_reason;
/// Parameter name for passing the error cert ID
static const std::string param_error_cert;
+ /// Parameter name for SSL version
+ static const std::string param_proto_version;
+ /// Parameter name for SSL cipher
+ static const std::string param_cipher;
};
}//namespace Ssl
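Review bot: The two new doc comments only repeat the member names and do not say what value a helper will see. Going by the composing code in this patch, I would write `/// Parameter name for the negotiated protocol version string, as returned by SSL_get_version()` and `/// Parameter name for the negotiated cipher name, as returned by SSL_CIPHER_get_name()`. The class declaration starts outside this hunk.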