/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{"session ticket", TLSEXT_TYPE_session_ticket},
{"renegotiation info", TLSEXT_TYPE_renegotiate},
{"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
+ {"client cert type", TLSEXT_TYPE_client_cert_type},
+ {"server cert type", TLSEXT_TYPE_server_cert_type},
{"TLS padding", TLSEXT_TYPE_padding},
#ifdef TLSEXT_TYPE_next_proto_neg
{"next protocol", TLSEXT_TYPE_next_proto_neg},
void print_verify_detail(SSL *s, BIO *bio)
{
int mdpth;
- EVP_PKEY *mspki;
+ EVP_PKEY *mspki = NULL;
long verify_err = SSL_get_verify_result(s);
if (verify_err == X509_V_OK) {
hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
else
hexdata = hexencode(data, dlen);
- BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
+ BIO_printf(bio, "DANE TLSA %d %d %d %s%s ",
usage, selector, mtype,
- (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
- (mspki != NULL) ? "signed the certificate" :
- mdpth ? "matched TA certificate" : "matched EE certificate",
- mdpth);
+ (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata);
+ if (SSL_get0_peer_rpk(s) == NULL)
+ BIO_printf(bio, "%s certificate at depth %d\n",
+ (mspki != NULL) ? "signed the peer" :
+ mdpth ? "matched the TA" : "matched the EE", mdpth);
+ else
+ BIO_printf(bio, "matched the peer raw public key\n");
OPENSSL_free(hexdata);
}
}
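Review bot: The added `if (SSL_get0_peer_rpk(s) == NULL)` tests for a raw public key first, whereas print_ssl_summary in this same patch tests the certificate first (`if (peer != NULL) ... else if (peer_rpk != NULL)`). If both accessors could ever return non-NULL on one connection, the summary would report a certificate while this line reports "matched the peer raw public key". They are presumably mutually exclusive, but nothing visible here shows it, so once confirmed a comment such as `/* peer presents either a certificate chain or a raw public key, never both */` above the test would record the assumption. The DANE wording also changes ("matched TA certificate" becomes "matched the TA certificate"), so anything that parses this output to confirm how the peer was authenticated has to be updated with it. The enclosing function starts outside this hunk.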
void print_ssl_summary(SSL *s)
{
const SSL_CIPHER *c;
- X509 *peer;
+ X509 *peer = SSL_get0_peer_certificate(s);
+ EVP_PKEY *peer_rpk = SSL_get0_peer_rpk(s);
+ int nid;
BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
print_raw_cipherlist(s);
c = SSL_get_current_cipher(s);
BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
do_print_sigalgs(bio_err, s, 0);
- peer = SSL_get0_peer_certificate(s);
if (peer != NULL) {
- int nid;
-
BIO_puts(bio_err, "Peer certificate: ");
X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
0, get_nameopt());
if (SSL_get_peer_signature_type_nid(s, &nid))
BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
print_verify_detail(s, bio_err);
+ } else if (peer_rpk != NULL) {
+ BIO_printf(bio_err, "Peer used raw public key\n");
+ if (SSL_get_peer_signature_type_nid(s, &nid))
+ BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
+ print_verify_detail(s, bio_err);
} else {
- BIO_puts(bio_err, "No peer certificate\n");
+ BIO_puts(bio_err, "No peer certificate or raw public key\n");
}
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio_err, s);
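Review bot: The new `else if (peer_rpk != NULL)` branch repeats the certificate branch's `SSL_get_peer_signature_type_nid` check and `print_verify_detail(s, bio_err)` call verbatim. Moving those lines into one shared tail guarded by `if (peer != NULL || peer_rpk != NULL)` would stop the two paths drifting apart. In the raw-public-key case no subject name is printed, so the only indication in this summary of whether the key was authenticated is what print_verify_detail prints next. A comment on the branch would make that explicit, e.g. `/* no subject/chain for an RPK: authentication status is whatever print_verify_detail reports */`. print_ssl_summary continues past the end of this hunk.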
(void)BIO_flush(b);
return 1;
}
-