From: Arne Schwabe
Date: Fri, 23 Oct 2020 12:02:55 +0000 (+0200)
Subject: Improve keys out of sync message
X-Git-Tag: v2.6_beta1~655
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1f0f074bf6e7b91673bfa8cb08b3be44ebda76b;p=thirdparty%2Fopenvpn.git

Improve keys out of sync message

The current message basically lacks the information to actually figure out why the keys are out of sync. This adds the missing information to that diagnostic message.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20201023120259.29783-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21226.html
Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 45b2b201c..b207c6dfc 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -763,6 +763,22 @@ state_name(int state)
 }
 }

+static const char *
+ks_auth_name(enum ks_auth_state auth)
+{
+ switch (auth)
+ {
+ case KS_AUTH_TRUE:
+ return "KS_AUTH_TRUE";
+ case KS_AUTH_DEFERRED:
+ return "KS_AUTH_DEFERRED";
+ case KS_AUTH_FALSE:
+ return "KS_AUTH_FALSE";
+ default:
+ return "KS_????";
+ }
+}
+
 static const char *
 packet_opcode_name(int op)
 {
@@ -833,8 +849,9 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
 for (int i = 0; i < KEY_SCAN_SIZE; ++i)
 {
 struct key_state *ks = get_key_scan(multi, i);
- buf_printf(&out, " [key#%d state=%s id=%d sid=%s]", i,
- state_name(ks->state), ks->key_id,
+ buf_printf(&out, " [key#%d state=%s auth=%s id=%d sid=%s]", i,
+ state_name(ks->state), ks_auth_name(ks->authenticated),
+ ks->key_id,
 session_id_print(&ks->session_id_remote, gc));
 }

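Review bot: The `default:` label in `ks_auth_name` means the compiler's switch-coverage warning cannot fire if a value is later added to `enum ks_auth_state`; the new state would then show up in the keys-out-of-sync diagnostics only as `KS_????`. Because the parameter is a real enum type, I would drop `default:` and put `return "KS_????";` after the switch's closing brace, which keeps the fallback for out-of-range values. The enum definition is not in this hunk, so this assumes the three cases shown are all of its current values. If the label stays for symmetry with the neighbouring name helpers, a one-line comment such as `/* for log output only; unknown values print as KS_???? */` would document the intent.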
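Review bot: The per-slot group built in `print_key_id` has no comment describing its fields, and this hunk changes its layout by inserting `auth=` between `state=` and `id=`, so anything that matches on these log lines (log-based alerting, support scripts) sees a different field order after the upgrade. I would add `/* one "[key#N state=... auth=... id=... sid=...]" group per scanned key slot */` above the `buf_printf` call and mention the format change in the release notes. The function begins and ends outside the hunk.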
@@ -3301,8 +3318,10 @@ handle_data_channel_packet(struct tls_multi *multi,
 }

 msg(D_TLS_ERRORS,
- "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
- print_link_socket_actual(from, &gc), key_id);
+ "TLS Error: local/remote TLS keys are out of sync: %s "
+ "(received key id: %d, known key ids: %s)",
+ print_link_socket_actual(from, &gc), key_id,
+ print_key_id(multi, &gc));

 done:
 tls_clear_error();
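Review bot: The out-of-sync message in `handle_data_channel_packet` is, as far as the hunk shows, reached when the key id carried by a received packet matches no local key slot, so it can be driven by traffic that has not passed authentication, and each occurrence now formats every slot (state, auth state, remote session id) via `print_key_id(multi, &gc)`. That makes each D_TLS_ERRORS line several times longer on a path a remote sender may be able to hit repeatedly; it is worth confirming that the message is rate-limited or muted in practice. One option is to keep the short form `"... out of sync: %s (received key id: %d)"` at D_TLS_ERRORS and emit the `print_key_id` table at a higher verbosity. The changed message text also affects any detection that matches the old `%s [%d]` suffix. The function body starts and ends outside the hunk.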