diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/s_apps.h | 2 | ||||
| -rw-r--r-- | apps/s_cb.c | 78 | ||||
| -rw-r--r-- | apps/s_client.c | 2 | ||||
| -rw-r--r-- | apps/s_server.c | 4 |
4 files changed, 77 insertions, 9 deletions
diff --git a/apps/s_apps.h b/apps/s_apps.h index 3491b1ab69..c04e2d3611 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -160,7 +160,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, unsigned char *authz, size_t authz_length); # endif -int ssl_print_sigalgs(BIO *out, SSL *s, int client); +int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s); #endif int init_client(int *sock, char *server, int port, int type); diff --git a/apps/s_cb.c b/apps/s_cb.c index bd487d35db..6e26d43de4 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -285,9 +285,75 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, return 1; } -static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared) +static void ssl_print_client_cert_types(BIO *bio, SSL *s) { - int i, nsig; + const unsigned char *p; + int i; + int cert_type_num = SSL_get0_certificate_types(s, &p); + if (!cert_type_num) + return; + BIO_puts(bio, "Client Certificate Types: "); + for (i = 0; i < cert_type_num; i++) + { + unsigned char cert_type = p[i]; + char *cname; + switch(cert_type) + { + case TLS_CT_RSA_SIGN: + cname = "RSA sign"; + break; + + case TLS_CT_DSS_SIGN: + cname = "DSA sign"; + break; + + case TLS_CT_RSA_FIXED_DH: + cname = "RSA fixed DH"; + break; + + case TLS_CT_DSS_FIXED_DH: + cname = "DSS fixed DH"; + break; + + case TLS_CT_ECDSA_SIGN: + cname = "ECDSA sign"; + break; + + case TLS_CT_RSA_FIXED_ECDH: + cname = "RSA fixed ECDH"; + break; + + case TLS_CT_ECDSA_FIXED_ECDH: + cname = "ECDSA fixed ECDH"; + break; + + case TLS_CT_GOST94_SIGN: + cname = "GOST94 Sign"; + break; + + case TLS_CT_GOST01_SIGN: + cname = "GOST01 Sign"; + break; + + default: + cname = NULL; + } + + if (i) + BIO_puts(bio, ", "); + + if (cname) + BIO_puts(bio, cname); + else + BIO_printf(bio, "UNKNOWN (%d),", cert_type); + } + BIO_puts(bio, "\n"); + } + +static int do_print_sigalgs(BIO *out, SSL *s, int shared) + { + int i, nsig, client; + client = SSL_is_server(s) ? 0 : 1; if (shared) nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); @@ -334,10 +400,12 @@ static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared) return 1; } -int ssl_print_sigalgs(BIO *out, SSL *s, int client) +int ssl_print_sigalgs(BIO *out, SSL *s) { - do_print_sigalgs(out, s, client, 0); - do_print_sigalgs(out, s, client, 1); + if (!SSL_is_server(s)) + ssl_print_client_cert_types(out, s); + do_print_sigalgs(out, s, 0); + do_print_sigalgs(out, s, 1); return 1; } diff --git a/apps/s_client.c b/apps/s_client.c index f8469f87c7..999bd2043c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2077,7 +2077,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_write(bio,"\n",1); } - ssl_print_sigalgs(bio, s, 1); + ssl_print_sigalgs(bio, s); BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), diff --git a/apps/s_server.c b/apps/s_server.c index 4b07cb0f07..92ca0a7f85 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2575,7 +2575,7 @@ static int init_ssl_connection(SSL *con) if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); - ssl_print_sigalgs(bio_s_out, con, 0); + ssl_print_sigalgs(bio_s_out, con); ssl_print_curves(bio_s_out, con); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); @@ -2890,7 +2890,7 @@ static int www_body(char *hostname, int s, unsigned char *context) } BIO_puts(io,"\n"); } - ssl_print_sigalgs(io, con, 0); + ssl_print_sigalgs(io, con); ssl_print_curves(io, con); BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, " |