From: Adriaan de Jong Date: Thu, 30 Jun 2011 07:43:14 +0000 (+0200) Subject: Refactored print_details X-Git-Tag: v2.3-alpha1~140 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=963ad54e53c1fc1b701a9c62231b011243321cef;p=thirdparty%2Fopenvpn.git Refactored print_details Signed-off-by: Adriaan de Jong Acked-by: Gert Doering Signed-off-by: David Sommerseth --- diff --git a/ssl.c b/ssl.c index 5b6a5cac6..c0109548b 100644 --- a/ssl.c +++ b/ssl.c @@ -1710,51 +1710,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) return; } -/* - * Print a one line summary of SSL/TLS session handshake. - */ -static void -print_details (SSL * c_ssl, const char *prefix) -{ - const SSL_CIPHER *ciph; - X509 *cert; - char s1[256]; - char s2[256]; - - s1[0] = s2[0] = 0; - ciph = SSL_get_current_cipher (c_ssl); - openvpn_snprintf (s1, sizeof (s1), "%s %s, cipher %s %s", - prefix, - SSL_get_version (c_ssl), - SSL_CIPHER_get_version (ciph), - SSL_CIPHER_get_name (ciph)); - cert = SSL_get_peer_certificate (c_ssl); - if (cert != NULL) - { - EVP_PKEY *pkey = X509_get_pubkey (cert); - if (pkey != NULL) - { - if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL - && pkey->pkey.rsa->n != NULL) - { - openvpn_snprintf (s2, sizeof (s2), ", %d bit RSA", - BN_num_bits (pkey->pkey.rsa->n)); - } - else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL - && pkey->pkey.dsa->p != NULL) - { - openvpn_snprintf (s2, sizeof (s2), ", %d bit DSA", - BN_num_bits (pkey->pkey.dsa->p)); - } - EVP_PKEY_free (pkey); - } - X509_free (cert); - } - /* The SSL API does not allow us to look at temporary RSA/DH keys, - * otherwise we should print their lengths too */ - msg (D_HANDSHAKE, "%s%s", s1, s2); -} - /* * Map internal constants to ascii names. */ @@ -4091,7 +4046,7 @@ tls_process (struct tls_multi *multi, ks->established = now; dmsg (D_TLS_DEBUG_MED, "STATE S_ACTIVE"); if (check_debug_level (D_HANDSHAKE)) - print_details (ks->ks_ssl.ssl, "Control Channel:"); + print_details (&ks->ks_ssl, "Control Channel:"); state_change = true; ks->state = S_ACTIVE; INCR_SUCCESS; diff --git a/ssl_backend.h b/ssl_backend.h index 22266520e..7023e609a 100644 --- a/ssl_backend.h +++ b/ssl_backend.h @@ -294,6 +294,19 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl, */ void key_state_ssl_free(struct key_state_ssl *ks_ssl); +/* ************************************** + * + * Information functions + * + * Print information for the end user. + * + ***************************************/ + +/* + * Print a one line summary of SSL/TLS session handshake. + */ +void print_details (struct key_state_ssl * ks_ssl, const char *prefix); + /* * Show the TLS ciphers that are available for us to use in the OpenSSL * library. diff --git a/ssl_openssl.c b/ssl_openssl.c index 8c3c4552f..ba19ba3c3 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -902,6 +902,55 @@ void key_state_ssl_free(struct key_state_ssl *ks_ssl) } } +/* ************************************** + * + * Information functions + * + * Print information for the end user. + * + ***************************************/ +void +print_details (struct key_state_ssl * ks_ssl, const char *prefix) +{ + SSL_CIPHER *ciph; + X509 *cert; + char s1[256]; + char s2[256]; + + s1[0] = s2[0] = 0; + ciph = SSL_get_current_cipher (ks_ssl->ssl); + openvpn_snprintf (s1, sizeof (s1), "%s %s, cipher %s %s", + prefix, + SSL_get_version (ks_ssl->ssl), + SSL_CIPHER_get_version (ciph), + SSL_CIPHER_get_name (ciph)); + cert = SSL_get_peer_certificate (ks_ssl->ssl); + if (cert != NULL) + { + EVP_PKEY *pkey = X509_get_pubkey (cert); + if (pkey != NULL) + { + if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL + && pkey->pkey.rsa->n != NULL) + { + openvpn_snprintf (s2, sizeof (s2), ", %d bit RSA", + BN_num_bits (pkey->pkey.rsa->n)); + } + else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL + && pkey->pkey.dsa->p != NULL) + { + openvpn_snprintf (s2, sizeof (s2), ", %d bit DSA", + BN_num_bits (pkey->pkey.dsa->p)); + } + EVP_PKEY_free (pkey); + } + X509_free (cert); + } + /* The SSL API does not allow us to look at temporary RSA/DH keys, + * otherwise we should print their lengths too */ + msg (D_HANDSHAKE, "%s%s", s1, s2); +} + void tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file #if ENABLE_INLINE_FILES