authorDr. Stephen Henson <steve@openssl.org>2014-10-27 14:39:37 +0000
committerDr. Stephen Henson <steve@openssl.org>2014-11-13 13:44:23 +0000
commitf756f1fc83fc195a6dbd5372845c4d67566dc5b9 (patch)
treebf7ebc73c44058d2184b5be9910d62affd34384f /ssl
parentde94222dbade870a0437fd625c4a41ee5229d2f2 (diff)
Additional output for ssltest.
Print out more details of the connection in ssltest, specifically: server certificate curve name for EC, server temporary key (if any) and peer signing digest. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssltest.c74
1 files changed, 53 insertions, 21 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index de47343085..028f8525f6 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -816,10 +816,52 @@ static void sv_usage(void)
fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
}
+static void print_key_details(BIO *out, EVP_PKEY *key)
+ {
+ int keyid = EVP_PKEY_id(key);
+#ifndef OPENSSL_NO_EC
+ if (keyid == EVP_PKEY_EC)
+ {
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid;
+ const char *cname;
+ nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+ BIO_printf(out, "%d bits EC (%s)",
+ EVP_PKEY_bits(key), cname);
+ }
+ else
+#endif
+ {
+ const char *algname;
+ switch (keyid)
+ {
+ case EVP_PKEY_RSA:
+ algname = "RSA";
+ break;
+ case EVP_PKEY_DSA:
+ algname = "DSA";
+ break;
+ case EVP_PKEY_DH:
+ algname = "DH";
+ break;
+ default:
+ algname = OBJ_nid2sn(keyid);
+ break;
+ }
+ BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
+ }
+ }
+
static void print_details(SSL *c_ssl, const char *prefix)
{
const SSL_CIPHER *ciph;
+ int mdnid;
X509 *cert;
+ EVP_PKEY *pkey;
ciph=SSL_get_current_cipher(c_ssl);
BIO_printf(bio_stdout,"%s%s, cipher %s %s",
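Review bot: In the EC branch of print_key_details the result of `EVP_PKEY_get1_EC_KEY(key)` is passed straight to `EC_KEY_get0_group(ec)`, and the returned group goes unchecked into `EC_GROUP_get_curve_name`; an EVP_PKEY whose type is EC but whose key or group is unset (both calls can return NULL) would crash the test instead of reporting the key. A guarded form is `EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);` / `const EC_GROUP *grp = ec ? EC_KEY_get0_group(ec) : NULL;` / `nid = grp ? EC_GROUP_get_curve_name(grp) : NID_undef;`, which makes the existing `OBJ_nid2sn(nid)` fallback print "UNDEF" rather than fault. The non-EC `default:` case has the same shape: `OBJ_nid2sn(keyid)` returns NULL for a NID it does not know, and that NULL then reaches `%s`; `if (!algname) algname = "unknown";` before the BIO_printf covers it. The `else` placed immediately before `#endif` compiles but is brittle when the ifdef is toggled; a reviewer might prefer a `return` at the end of the EC branch so the second block needs no `else`. print_details, which starts in this hunk, continues past its end.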
@@ -830,33 +872,23 @@ static void print_details(SSL *c_ssl, const char *prefix)
cert=SSL_get_peer_certificate(c_ssl);
if (cert != NULL)
{
- EVP_PKEY *pkey = X509_get_pubkey(cert);
+ pkey = X509_get_pubkey(cert);
if (pkey != NULL)
{
- if (0)
- ;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
+ BIO_puts(bio_stdout, ", ");
+ print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
}
X509_free(cert);
}
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
+ if (SSL_get_server_tmp_key(c_ssl, &pkey))
+ {
+ BIO_puts(bio_stdout, ", temp key: ");
+ print_key_details(bio_stdout, pkey);
+ EVP_PKEY_free(pkey);
+ }
+ if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
+ BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
BIO_printf(bio_stdout,"\n");
}
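Review bot: After `EVP_PKEY_free(pkey)` in the `if (cert != NULL)` block, `pkey` is now a function-scope variable holding a freed pointer (the old code kept it local to that block), and the same variable is then used as the out-parameter of `SSL_get_server_tmp_key`, which only writes it on success; nothing reads the stale value today, but it is one edit away from a use-after-free. Either reset it with `pkey = NULL;` right after the free, or give the ephemeral key its own `EVP_PKEY *tmpkey = NULL;` so the two lifetimes do not share a name. If I read the API right, `SSL_get_server_tmp_key` only reports a key when queried on the client-side SSL object, so calling print_details with the server's SSL would make the ", temp key:" field vanish silently rather than fail; a comment such as `/* ephemeral key is only visible from the client side */` above that call would record the assumption behind the c_ssl parameter name. `OBJ_nid2sn(mdnid)` can likewise return NULL for an unrecognised NID and is passed to `%s` unchecked, so a `const char *mdname = OBJ_nid2sn(mdnid); if (!mdname) mdname = "unknown";` pair is worth adding.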