From f1f0f074bf6e7b91673bfa8cb08b3be44ebda76b Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Fri, 23 Oct 2020 14:02:55 +0200
Subject: [PATCH] Improve keys out of sync message

The current message basically lacks the information to actually figure out why the keys are out of sync. This adds the missing information to that diagnostic message.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20201023120259.29783-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21226.html
Signed-off-by: Gert Doering
---
 src/openvpn/ssl.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 45b2b201c..b207c6dfc 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -763,6 +763,22 @@ state_name(int state)
 }
 }

+static const char *
+ks_auth_name(enum ks_auth_state auth)
+{
+ switch (auth)
+ {
+ case KS_AUTH_TRUE:
+ return "KS_AUTH_TRUE";
+ case KS_AUTH_DEFERRED:
+ return "KS_AUTH_DEFERRED";
+ case KS_AUTH_FALSE:
+ return "KS_AUTH_FALSE";
+ default:
+ return "KS_????";
+ }
+}
+
 static const char *
 packet_opcode_name(int op)
 {
@@ -833,8 +849,9 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
 for (int i = 0; i < KEY_SCAN_SIZE; ++i)
 {
 struct key_state *ks = get_key_scan(multi, i);
- buf_printf(&out, " [key#%d state=%s id=%d sid=%s]", i,
- state_name(ks->state), ks->key_id,
+ buf_printf(&out, " [key#%d state=%s auth=%s id=%d sid=%s]", i,
+ state_name(ks->state), ks_auth_name(ks->authenticated),
+ ks->key_id,
 session_id_print(&ks->session_id_remote, gc));
 }

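Review bot: The `default:` arm in ks_auth_name() keeps a compiler's switch-coverage warning silent if another `enum ks_auth_state` value is added later, and the log would then show `KS_????` for an authentication state. Assuming the three cases listed are all of the enumerators (the enum definition is not in this hunk), consider dropping `default:` and placing `return "KS_????";` after the closing brace of the switch. A one-line comment above the function, such as `/* Name of a key_state authentication state, for diagnostic output only. */`, would also help.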
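Review bot: The added `auth=%s` field lengthens every entry written into `out`, whose allocation sits above this hunk in print_key_id(), so it is worth confirming that the buffer still holds KEY_SCAN_SIZE entries with the longest state and auth names. If buf_printf() truncates at capacity, an undersized buffer would silently cut the last key slot out of the diagnostic this commit is meant to complete. A short comment at the allocation, e.g. `/* sized for KEY_SCAN_SIZE entries of state, auth, id and sid */`, would keep the two in step.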
@@ -3301,8 +3318,10 @@ handle_data_channel_packet(struct tls_multi *multi,
 }

 msg(D_TLS_ERRORS,
- "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
- print_link_socket_actual(from, &gc), key_id);
+ "TLS Error: local/remote TLS keys are out of sync: %s "
+ "(received key id: %d, known key ids: %s)",
+ print_link_socket_actual(from, &gc), key_id,
+ print_key_id(multi, &gc));

 done:
 tls_clear_error();
-- 
2.47.2
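Review bot: This `msg(D_TLS_ERRORS, ...)` appears to sit on the path for received data channel packets that match no usable key, and each occurrence now runs print_key_id() and logs every key slot's state, auth status and remote session id. The rest of handle_data_channel_packet() is outside the hunk, so please confirm the message is rate limited or muted at the verbosity where D_TLS_ERRORS prints; otherwise a burst of stale-key packets produces considerably more log output than before. Separately, print_key_id() starts each entry with a space (`" [key#%d ..."`), so `known key ids: %s` yields a double space; `known key ids:%s` would avoid it.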