author | Petr Štetiar <ynezz@true.cz> | 2022-02-22 13:59:27 +0100 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2022-02-22 13:59:27 +0100 |
commit | 584f1f6bf5e30cf74358505972b0d4634885b5b6 (patch) | |
tree | f598eee761e048d1cf154e46e24db3d876029662 /ustream-openssl.c | |
parent | aa8c48e9c139654814c88f9148118c707507e275 (diff) | |
download | ustream-ssl-584f1f6bf5e30cf74358505972b0d4634885b5b6.tar.gz |
ustream-openssl: wolfSSL: provide detailed information in debug builds

Show detailed information about the session/peer in debug builds:

 $ wget https://letsencrypt.org
 Alternate cert chain used
  issuer : /C=US/O=Let's Encrypt/CN=R3
  subject: /CN=lencr.org
  altname = lencr.org
  altname = letsencrypt.com
  altname = letsencrypt.org
  altname = www.lencr.org
  altname = www.letsencrypt.com
  altname = www.letsencrypt.org
  serial number:03:4e:29:5a:d6:74:ae:fd:51:cd:0d:61:11:f9:e3:e3:bd:88
 Certificate:
 ...snip...
 our cert info: No Cert
 Peer verify result = 39
 SSL version is TLSv1.3
 SSL cipher suite is TLS_AES_256_GCM_SHA384
 SSL curve name is SECP256R1
 Alternate cert chain used

As it makes debugging issues like #9283 easier.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'ustream-openssl.c')
-rw-r--r-- | ustream-openssl.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c index 894dddb..6dae4ae 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -25,6 +25,10 @@ #include <openssl/x509v3.h> #endif +#if defined(HAVE_WOLFSSL) && defined(DEBUG) +#include <wolfssl/test.h> +#endif + /* Ciphersuite preference: * - for server, no weak ciphers are used if you use an ECDSA key. * - forward-secret (pfs), authenticated (AEAD) ciphers are at the top: @@ -268,6 +272,10 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) X509 *cert; int res; +#if defined(HAVE_WOLFSSL) && defined(DEBUG) + showPeer(ssl); +#endif + res = SSL_get_verify_result(ssl); if (res != X509_V_OK) { if (us->notify_verify_error) |
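Review bot: The `#include <wolfssl/test.h>` added in the first hunk (right after the `openssl/x509v3.h` include) brings a header whose name indicates test support code into the library source, apparently only to obtain `showPeer()`. Add a one-line comment next to the include saying which symbol is needed from it, and have the build check for this header when both `HAVE_WOLFSSL` and `DEBUG` are defined, since nothing in the visible lines guarantees it is installed alongside the regular wolfSSL headers.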
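Review bot: In the second hunk, `showPeer(ssl)` sits at the top of `ustream_ssl_verify_cert()` ahead of `SSL_get_verify_result(ssl)`, so in a debug build every verification pass prints the peer's issuer, subject, altnames and serial (as in the sample in the commit message) whether or not the result is `X509_V_OK`, and the caller has no say in where that output goes. A short comment stating that this is debug-only output and that `DEBUG` must stay off in release images would help; also consider defining one local macro for `defined(HAVE_WOLFSSL) && defined(DEBUG)` and using it for both this call and the include, so the two guards cannot drift apart.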