1 files changed, 37 insertions, 1 deletions

diff --git a/src/libpttls/pt_tls.c b/src/libpttls/pt_tls.c
index 034bf6c50..b59ef7c89 100644
--- a/src/libpttls/pt_tls.c
+++ b/src/libpttls/pt_tls.c
@@ -16,7 +16,7 @@
 #include "pt_tls.h"
 
 #include <utils/debug.h>
-
+#include <pen/pen.h>
 /**
  * Described in header.
  */
@@ -42,6 +42,26 @@ void libpttls_init(void)
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
+ENUM(pt_tls_message_type_names, PT_TLS_EXPERIMENTAL, PT_TLS_ERROR,
+	"Experimental",
+	"Version Request",
+	"Version Response",
+	"SASL Mechanisms",
+	"SASL Mechanism Selection",
+	"SASL Authentication Data",
+	"SASL Result",
+	"PB-TNC Batch",
+	"PT-TLS Error"
+);
+
+ENUM(pt_tls_sasl_result_names, PT_TLS_SASL_RESULT_SUCCESS,
+							   PT_TLS_SASL_RESULT_MECH_FAILURE,
+	"Success",
+	"Failure",
+	"Abort",
+	"Mechanism Failure"
+);
+
 /**
  * Read a chunk of data from TLS, returning a reader for it
  */
@@ -95,6 +115,19 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
 		DBG1(DBG_TNC, "received short PT-TLS header (%d bytes)", len);
 		return NULL;
 	}
+
+	if (*vendor == PEN_IETF)
+	{
+		DBG2(DBG_TNC, "received PT-TLS message #%d of type '%N' (%d bytes)",
+					  *identifier, pt_tls_message_type_names, *type, len);
+	}
+	else
+	{
+		DBG2(DBG_TNC, "received PT-TLS message #%d of unknown type "
+					  "0x%06x/0x%08x (%d bytes)",
+					  *identifier, *vendor, *type, len);
+	}
+
 	return read_tls(tls, len - PT_TLS_HEADER_LEN);
 }
 
@@ -120,6 +153,9 @@ bool pt_tls_write(tls_socket_t *tls, bio_writer_t *writer,
 	header->write_data(header, data);
 	writer->destroy(writer);
 
+	DBG2(DBG_TNC, "sending PT-TLS message #%d of type '%N' (%d bytes)",
+				   identifier, pt_tls_message_type_names, type, len);
+
 	data = header->get_buf(header);
 	len = tls->write(tls, data.ptr, data.len);
 	header->destroy(header);