author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-05 09:51:05 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-05 09:51:05 +0200 |
commit | 7ea87db00d95cf5f91288fc4067a7ab14f43fd6d (patch) | |
tree | 99d6095d6f08e40fdce8d1e5f33a50c17c675e4f /src | |
parent | 7030e3950a8de5e9093ae6401e2a18752554bec5 (diff) | |
download | strongswan-7ea87db00d95cf5f91288fc4067a7ab14f43fd6d.tar.bz2 strongswan-7ea87db00d95cf5f91288fc4067a7ab14f43fd6d.tar.xz |
added some more TLS debug output
Diffstat (limited to 'src')
-rw-r--r-- | src/libtls/tls_peer.c | 21 | ||||
-rw-r--r-- | src/libtls/tls_server.c | 17 |
2 files changed, 29 insertions, 9 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index dbb0efd51..ab4d87920 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -125,14 +125,14 @@ static status_t process_server_hello(private_tls_peer_t *this,
 memcpy(this->server_random, random.ptr, sizeof(this->server_random));
+ DBG1(DBG_IKE, "received TLS version: %N", tls_version_names, version);
 if (version < this->tls->get_version(this->tls))
 {
 this->tls->set_version(this->tls, version);
 }
+
 suite = cipher;
- DBG1(DBG_IKE, "received TLS version: %N", tls_version_names, version);
 DBG1(DBG_IKE, "received TLS cipher suite: %N", tls_cipher_suite_names, suite);
-
 if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1))
 {
 DBG1(DBG_IKE, "received TLS cipher suite inacceptable");
@@ -354,7 +354,8 @@ METHOD(tls_handshake_t, process, status_t,
 static status_t send_client_hello(private_tls_peer_t *this,
 tls_handshake_type_t *type, tls_writer_t *writer)
 {
- tls_cipher_suite_t *suite;
+ tls_cipher_suite_t *suites;
+ tls_version_t version;
 int count, i;
 rng_t *rng;
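Review bot: The relocated `received TLS version` line in process_server_hello records what the server sent, but nothing logs that the `if (version < ...)` branch then lowers the session version, so a negotiated downgrade looks the same in the log as an ordinary handshake. Consider logging inside that branch, e.g. `DBG1(DBG_IKE, "downgrading TLS version to %N", tls_version_names, version);`. No lower bound on the accepted version is visible in this hunk; if set_version() does not enforce one, that check belongs in the same branch. The same applies to the matching branch of process_client_hello in tls_server.c. The function body starts and ends outside the hunk.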
@@ -367,19 +368,25 @@ static status_t send_client_hello(private_tls_peer_t *this,
 rng->get_bytes(rng, sizeof(this->client_random) - 4, this->client_random + 4);
 rng->destroy(rng);
- writer->write_uint16(writer, this->tls->get_version(this->tls));
+ /* TLS version */
+ version = this->tls->get_version(this->tls);
+ DBG1(DBG_IKE, "sending TLS version: %N", tls_version_names, version);
+ writer->write_uint16(writer, version);
 writer->write_data(writer, chunk_from_thing(this->client_random));
+
 /* session identifier => none */
 writer->write_data8(writer, chunk_empty);
- count = this->crypto->get_cipher_suites(this->crypto, &suite);
+ /* add TLS cipher suites */
+ count = this->crypto->get_cipher_suites(this->crypto, &suites);
 DBG2(DBG_IKE, "sending %d TLS cipher suites:", count);
 writer->write_uint16(writer, count * 2);
 for (i = 0; i < count; i++)
 {
- DBG2(DBG_IKE, " %N", tls_cipher_suite_names, suite[i]);
- writer->write_uint16(writer, suite[i]);
+ DBG2(DBG_IKE, " %N", tls_cipher_suite_names, suites[i]);
+ writer->write_uint16(writer, suites[i]);
 }
+
 /* NULL compression only */
 writer->write_uint8(writer, 1);
 writer->write_uint8(writer, 0);
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index c0c0cc45f..712010edc 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -131,15 +131,19 @@ static status_t process_client_hello(private_tls_server_t *this,
 memcpy(this->client_random, random.ptr, sizeof(this->client_random));
+ DBG1(DBG_IKE, "received TLS version: %N", tls_version_names, version);
 if (version < this->tls->get_version(this->tls))
 {
 this->tls->set_version(this->tls, version);
 }
+
 count = ciphers.len / sizeof(u_int16_t);
 suites = alloca(count * sizeof(tls_cipher_suite_t));
+ DBG2(DBG_IKE, "received %d TLS cipher suites:", count);
 for (i = 0; i < count; i++)
 {
 suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]);
+ DBG2(DBG_IKE, " %N", tls_cipher_suite_names, suites[i]);
 }
 this->suite = this->crypto->select_cipher_suite(this->crypto, suites, count);
 if (!this->suite)
@@ -366,6 +370,7 @@ METHOD(tls_handshake_t, process, status_t,
 static status_t send_server_hello(private_tls_server_t *this,
 tls_handshake_type_t *type, tls_writer_t *writer)
 {
+ tls_version_t version;
 rng_t *rng;
 htoun32(&this->server_random, time(NULL));
@@ -377,12 +382,20 @@ static status_t send_server_hello(private_tls_server_t *this,
 rng->get_bytes(rng, sizeof(this->server_random) - 4, this->server_random + 4);
 rng->destroy(rng);
- writer->write_uint16(writer, this->tls->get_version(this->tls));
+ /* TLS version */
+ version = this->tls->get_version(this->tls);
+ DBG1(DBG_IKE, "sending TLS version: %N", tls_version_names, version);
+ writer->write_uint16(writer, version);
 writer->write_data(writer, chunk_from_thing(this->server_random));
+
 /* session identifier => none, we don't support session resumption */
 writer->write_data8(writer, chunk_empty);
- /* add selected suite */
+
+ /* add selected TLS cipher suite */
+ DBG1(DBG_IKE, "sending TLS cipher suite: %N", tls_cipher_suite_names,
+ this->suite);
 writer->write_uint16(writer, this->suite);
+
 /* NULL compression only */
 writer->write_uint8(writer, 0); |
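Review bot: The new per-suite `DBG2` line in process_client_hello runs once for every suite the client offers, and `count` is taken from `ciphers.len` with no bound visible in the hunk, so the peer decides both the size of the `alloca()` above it and the volume of log output. A length that is not a multiple of two also has its last byte dropped silently by the division. Consider rejecting such input before the loop, e.g. `if (ciphers.len % sizeof(u_int16_t)) return FAILED;` (or whichever failure status this function uses), and capping `count` or allocating on the heap before it reaches `alloca()`. The function starts and ends outside the hunk, so an earlier length check may already exist.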