From: Jouni Malinen
Date: Sun, 11 Jan 2015 11:01:50 +0000 (+0200)
Subject: GnuTLS: Add more debug prints for version and session status
X-Git-Tag: hostap_2_4~446
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0d431a5157cffb282ec1f0def8555334ff60e5e;p=thirdparty%2Fhostap.git
GnuTLS: Add more debug prints for version and session status
Make the debug output more useful for determining whuch version of GnuTLS was used and what was negotiated for the session.
Signed-off-by: Jouni Malinen
---
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index 9b857a5dc..cfee60665 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -81,6 +81,12 @@ void * tls_init(const struct tls_config *conf)
 {
 struct tls_global *global;
+ if (tls_gnutls_ref_count == 0) {
+ wpa_printf(MSG_DEBUG,
+ "GnuTLS: Library version %s (runtime) - %s (build)",
+ gnutls_check_version(NULL), GNUTLS_VERSION);
+ }
+
 global = os_zalloc(sizeof(*global));
 if (global == NULL)
 return NULL;
@@ -652,6 +658,25 @@ static int tls_connection_verify_peer(gnutls_session_t session)
 goto out;
 }
+#if GNUTLS_VERSION_NUMBER >= 0x030104
+ {
+ gnutls_datum_t info;
+ int ret, type;
+
+ type = gnutls_certificate_type_get(session);
+ ret = gnutls_certificate_verification_status_print(status, type,
+ &info, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_DEBUG,
+ "GnuTLS: Failed to print verification status");
+ err = GNUTLS_A_INTERNAL_ERROR;
+ goto out;
+ }
+ wpa_printf(MSG_DEBUG, "GnuTLS: %s", info.data);
+ gnutls_free(info.data);
+ }
+#endif /* GnuTLS 3.1.4 or newer */
+
 if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
 wpa_printf(MSG_INFO, "TLS: Peer certificate not trusted");
 if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
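Review bot: In the `#if GNUTLS_VERSION_NUMBER >= 0x030104` block of tls_connection_verify_peer(), a failure of the purely diagnostic gnutls_certificate_verification_status_print() call sets `err = GNUTLS_A_INTERNAL_ERROR` and jumps to `out`, so a failure in a debug helper (for example an allocation failure) now ends peer verification with an internal-error alert. That fails closed, which is safe for authentication, but it ties the verification outcome to logging; reporting the failure and falling through to the existing `status` checks would keep the decision on `status` alone. The `%s` print also relies on `info.data` being NUL-terminated, although gnutls_datum_t carries an `unsigned char *` with a separate `info.size`; `wpa_printf(MSG_DEBUG, "GnuTLS: %.*s", (int) info.size, (char *) info.data);` would not depend on that. The function body starts and ends outside the hunk.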
@@ -835,6 +860,19 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
 size_t size;
 wpa_printf(MSG_DEBUG, "TLS: Handshake completed successfully");
+
+#if GNUTLS_VERSION_NUMBER >= 0x03010a
+ {
+ char *desc;
+
+ desc = gnutls_session_get_desc(conn->session);
+ if (desc) {
+ wpa_printf(MSG_DEBUG, "GnuTLS: %s", desc);
+ gnutls_free(desc);
+ }
+ }
+#endif /* GnuTLS 3.1.10 or newer */
+
 conn->established = 1;
 if (conn->push_buf == NULL) {
 /* Need to return something to get final TLS ACK. */
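Review bot: Builds against GnuTLS older than 3.1.10 still log nothing about the negotiated session after "TLS: Handshake completed successfully", because the new `#if GNUTLS_VERSION_NUMBER >= 0x03010a` block in tls_connection_handshake() has no `#else` branch. Seeing the negotiated protocol version in the debug log is what lets an operator notice an unexpected downgrade, so those builds would benefit from a minimal fallback such as `wpa_printf(MSG_DEBUG, "GnuTLS: %s", gnutls_protocol_get_name(gnutls_protocol_get_version(conn->session)));`. A short comment above the block saying that the string returned by gnutls_session_get_desc() is heap-allocated and must be released with gnutls_free() would also help the next reader. The function body starts and ends outside the hunk.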