If OpenSSL handshake fails during Client Hello report cipher lists
authorNick Porter <nick@portercomputing.co.uk>
Tue, 30 Jul 2024 09:22:52 +0000 (10:22 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 30 Jul 2024 09:31:35 +0000 (10:31 +0100)
Helps get to the bottom of "no shared cipher" errors.

src/main/cb.c

index 65e484fb54e7cb91d34bad66bf52c4727fb31d3b..bfaeb35b88545b0328357f5abb63f92a97538bdf 100644 (file)
@@ -71,6 +71,7 @@ void cbtls_info(SSL const *s, int where, int ret)
                                int num_ciphers;
                                const SSL_CIPHER *this_cipher;
 
+                       report_ciphers:
                                server_ciphers = SSL_get_ciphers(s);
                                if (server_ciphers) {
                                        RDEBUG3("Server preferred ciphers (by priority)");
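Review bot: The `report_ciphers:` label sits after the block's local declarations (`int num_ciphers;`, `const SSL_CIPHER *this_cipher;`), so the `goto` added in the last hunk enters this block from another branch without passing its opening condition. That is safe only while every local in the block is assigned before it is read and none of them gains an initializer. The declarations of `server_ciphers`, `client_ciphers` and `i` are outside the hunk and should be checked for this. A comment on the label would protect the invariant, for example `/* Also entered by goto from the handshake error path: locals in this block must not depend on initializers. */`. The label must also be under the same `OPENSSL_VERSION_NUMBER >= 0x10100000L` guard as the `goto`, which the hunk does not show.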
@@ -80,7 +81,7 @@ void cbtls_info(SSL const *s, int where, int ret)
                                                RDEBUG3("(TLS)    [%i] %s", i, SSL_CIPHER_get_name(this_cipher));
                                        }
                                }
-       
+
                                client_ciphers = SSL_get_client_ciphers(s);
                                if (client_ciphers) {
                                        RDEBUG3("(TLS) %s - Client preferred ciphers (by priority)", conf->name);
@@ -122,6 +123,9 @@ void cbtls_info(SSL const *s, int where, int ret)
                                return;
                        }
                        RERROR("(TLS) %s - %s: Error in %s", conf->name, role, state);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+                       if (RDEBUG_ENABLED3 && (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO)) goto report_ciphers;
+#endif
                }
        }
 }
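Review bot: After `goto report_ciphers` on the added line, the error path continues with whatever follows the cipher dump in the earlier branch, and that code is outside this hunk. In the visible lines `RERROR` was previously the last statement before the closing braces, so anything other than a plain `return` after the cipher block would now also run on a failed handshake. A short comment above the jump would record that dependency, e.g. `/* Reuses the ClientHello cipher dump; that block must fall through to a return. */`. Because a peer whose ClientHello is rejected can presumably reach this path before authenticating, keeping the dump behind `RDEBUG_ENABLED3` is the right gate and should not be relaxed.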