|
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ |
|
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
|
3 * All rights reserved. |
|
4 * |
|
5 * This package is an SSL implementation written |
|
6 * by Eric Young (eay@cryptsoft.com). |
|
7 * The implementation was written so as to conform with Netscapes SSL. |
|
8 * |
|
9 * This library is free for commercial and non-commercial use as long as |
|
10 * the following conditions are aheared to. The following conditions |
|
11 * apply to all code found in this distribution, be it the RC4, RSA, |
|
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|
13 * included with this distribution is covered by the same copyright terms |
|
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|
15 * |
|
16 * Copyright remains Eric Young's, and as such any Copyright notices in |
|
17 * the code are not to be removed. |
|
18 * If this package is used in a product, Eric Young should be given attribution |
|
19 * as the author of the parts of the library used. |
|
20 * This can be in the form of a textual message at program startup or |
|
21 * in documentation (online or textual) provided with the package. |
|
22 * |
|
23 * Redistribution and use in source and binary forms, with or without |
|
24 * modification, are permitted provided that the following conditions |
|
25 * are met: |
|
26 * 1. Redistributions of source code must retain the copyright |
|
27 * notice, this list of conditions and the following disclaimer. |
|
28 * 2. Redistributions in binary form must reproduce the above copyright |
|
29 * notice, this list of conditions and the following disclaimer in the |
|
30 * documentation and/or other materials provided with the distribution. |
|
31 * 3. All advertising materials mentioning features or use of this software |
|
32 * must display the following acknowledgement: |
|
33 * "This product includes cryptographic software written by |
|
34 * Eric Young (eay@cryptsoft.com)" |
|
35 * The word 'cryptographic' can be left out if the rouines from the library |
|
36 * being used are not cryptographic related :-). |
|
37 * 4. If you include any Windows specific code (or a derivative thereof) from |
|
38 * the apps directory (application code) you must include an acknowledgement: |
|
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|
40 * |
|
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
51 * SUCH DAMAGE. |
|
52 * |
|
53 * The licence and distribution terms for any publically available version or |
|
54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
|
55 * copied and put under another distribution licence |
|
56 * [including the GNU Public Licence.] |
|
57 */ |
|
58 /* ==================================================================== |
|
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|
60 * |
|
61 * Redistribution and use in source and binary forms, with or without |
|
62 * modification, are permitted provided that the following conditions |
|
63 * are met: |
|
64 * |
|
65 * 1. Redistributions of source code must retain the above copyright |
|
66 * notice, this list of conditions and the following disclaimer. |
|
67 * |
|
68 * 2. Redistributions in binary form must reproduce the above copyright |
|
69 * notice, this list of conditions and the following disclaimer in |
|
70 * the documentation and/or other materials provided with the |
|
71 * distribution. |
|
72 * |
|
73 * 3. All advertising materials mentioning features or use of this |
|
74 * software must display the following acknowledgment: |
|
75 * "This product includes software developed by the OpenSSL Project |
|
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
77 * |
|
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
79 * endorse or promote products derived from this software without |
|
80 * prior written permission. For written permission, please contact |
|
81 * openssl-core@openssl.org. |
|
82 * |
|
83 * 5. Products derived from this software may not be called "OpenSSL" |
|
84 * nor may "OpenSSL" appear in their names without prior written |
|
85 * permission of the OpenSSL Project. |
|
86 * |
|
87 * 6. Redistributions of any form whatsoever must retain the following |
|
88 * acknowledgment: |
|
89 * "This product includes software developed by the OpenSSL Project |
|
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
91 * |
|
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
104 * ==================================================================== |
|
105 * |
|
106 * This product includes cryptographic software written by Eric Young |
|
107 * (eay@cryptsoft.com). This product includes software written by Tim |
|
108 * Hudson (tjh@cryptsoft.com). |
|
109 * |
|
110 */ |
|
111 |
|
112 #include <stdio.h> |
|
113 #include <stdlib.h> |
|
114 #define USE_SOCKETS |
|
115 #define NON_MAIN |
|
116 #include "apps.h" |
|
117 #undef NON_MAIN |
|
118 #undef USE_SOCKETS |
|
119 #include <openssl/err.h> |
|
120 #include <openssl/x509.h> |
|
121 #include <openssl/ssl.h> |
|
122 #include "s_apps.h" |
|
123 |
|
124 int verify_depth=0; |
|
125 int verify_error=X509_V_OK; |
|
126 |
|
127 |
|
128 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
|
129 { |
|
130 char buf[256]; |
|
131 X509 *err_cert; |
|
132 int err,depth; |
|
133 |
|
134 err_cert=X509_STORE_CTX_get_current_cert(ctx); |
|
135 err= X509_STORE_CTX_get_error(ctx); |
|
136 depth= X509_STORE_CTX_get_error_depth(ctx); |
|
137 |
|
138 X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); |
|
139 BIO_printf(bio_err,"depth=%d %s\n",depth,buf); |
|
140 if (!ok) |
|
141 { |
|
142 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, |
|
143 X509_verify_cert_error_string(err)); |
|
144 if (verify_depth >= depth) |
|
145 { |
|
146 ok=1; |
|
147 verify_error=X509_V_OK; |
|
148 } |
|
149 else |
|
150 { |
|
151 ok=0; |
|
152 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; |
|
153 } |
|
154 } |
|
155 switch (ctx->error) |
|
156 { |
|
157 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
|
158 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); |
|
159 BIO_printf(bio_err,"issuer= %s\n",buf); |
|
160 break; |
|
161 case X509_V_ERR_CERT_NOT_YET_VALID: |
|
162 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
|
163 BIO_printf(bio_err,"notBefore="); |
|
164 ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); |
|
165 BIO_printf(bio_err,"\n"); |
|
166 break; |
|
167 case X509_V_ERR_CERT_HAS_EXPIRED: |
|
168 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
|
169 BIO_printf(bio_err,"notAfter="); |
|
170 ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); |
|
171 BIO_printf(bio_err,"\n"); |
|
172 break; |
|
173 } |
|
174 BIO_printf(bio_err,"verify return:%d\n",ok); |
|
175 return(ok); |
|
176 } |
|
177 |
|
178 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
|
179 { |
|
180 if (cert_file != NULL) |
|
181 { |
|
182 /* |
|
183 SSL *ssl; |
|
184 X509 *x509; |
|
185 */ |
|
186 |
|
187 if (SSL_CTX_use_certificate_file(ctx,cert_file, |
|
188 SSL_FILETYPE_PEM) <= 0) |
|
189 { |
|
190 BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); |
|
191 ERR_print_errors(bio_err); |
|
192 return(0); |
|
193 } |
|
194 if (key_file == NULL) key_file=cert_file; |
|
195 if (SSL_CTX_use_PrivateKey_file(ctx,key_file, |
|
196 SSL_FILETYPE_PEM) <= 0) |
|
197 { |
|
198 BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); |
|
199 ERR_print_errors(bio_err); |
|
200 return(0); |
|
201 } |
|
202 |
|
203 /* |
|
204 In theory this is no longer needed |
|
205 ssl=SSL_new(ctx); |
|
206 x509=SSL_get_certificate(ssl); |
|
207 |
|
208 if (x509 != NULL) { |
|
209 EVP_PKEY *pktmp; |
|
210 pktmp = X509_get_pubkey(x509); |
|
211 EVP_PKEY_copy_parameters(pktmp, |
|
212 SSL_get_privatekey(ssl)); |
|
213 EVP_PKEY_free(pktmp); |
|
214 } |
|
215 SSL_free(ssl); |
|
216 */ |
|
217 |
|
218 /* If we are using DSA, we can copy the parameters from |
|
219 * the private key */ |
|
220 |
|
221 |
|
222 /* Now we know that a key and cert have been set against |
|
223 * the SSL context */ |
|
224 if (!SSL_CTX_check_private_key(ctx)) |
|
225 { |
|
226 BIO_printf(bio_err,"Private key does not match the certificate public key\n"); |
|
227 return(0); |
|
228 } |
|
229 } |
|
230 return(1); |
|
231 } |
|
232 |
|
233 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) |
|
234 { |
|
235 if (cert == NULL) |
|
236 return 1; |
|
237 if (SSL_CTX_use_certificate(ctx,cert) <= 0) |
|
238 { |
|
239 BIO_printf(bio_err,"error setting certificate\n"); |
|
240 ERR_print_errors(bio_err); |
|
241 return 0; |
|
242 } |
|
243 if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) |
|
244 { |
|
245 BIO_printf(bio_err,"error setting private key\n"); |
|
246 ERR_print_errors(bio_err); |
|
247 return 0; |
|
248 } |
|
249 |
|
250 |
|
251 /* Now we know that a key and cert have been set against |
|
252 * the SSL context */ |
|
253 if (!SSL_CTX_check_private_key(ctx)) |
|
254 { |
|
255 BIO_printf(bio_err,"Private key does not match the certificate public key\n"); |
|
256 return 0; |
|
257 } |
|
258 return 1; |
|
259 } |
|
260 |
|
261 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
|
262 int argi, long argl, long ret) |
|
263 { |
|
264 BIO *out; |
|
265 |
|
266 out=(BIO *)BIO_get_callback_arg(bio); |
|
267 if (out == NULL) return(ret); |
|
268 |
|
269 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) |
|
270 { |
|
271 BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", |
|
272 (void *)bio,argp,argi,ret,ret); |
|
273 BIO_dump(out,argp,(int)ret); |
|
274 return(ret); |
|
275 } |
|
276 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) |
|
277 { |
|
278 BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", |
|
279 (void *)bio,argp,argi,ret,ret); |
|
280 BIO_dump(out,argp,(int)ret); |
|
281 } |
|
282 return(ret); |
|
283 } |
|
284 |
|
285 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) |
|
286 { |
|
287 const char *str; |
|
288 int w; |
|
289 |
|
290 w=where& ~SSL_ST_MASK; |
|
291 |
|
292 if (w & SSL_ST_CONNECT) str="SSL_connect"; |
|
293 else if (w & SSL_ST_ACCEPT) str="SSL_accept"; |
|
294 else str="undefined"; |
|
295 |
|
296 if (where & SSL_CB_LOOP) |
|
297 { |
|
298 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); |
|
299 } |
|
300 else if (where & SSL_CB_ALERT) |
|
301 { |
|
302 str=(where & SSL_CB_READ)?"read":"write"; |
|
303 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", |
|
304 str, |
|
305 SSL_alert_type_string_long(ret), |
|
306 SSL_alert_desc_string_long(ret)); |
|
307 } |
|
308 else if (where & SSL_CB_EXIT) |
|
309 { |
|
310 if (ret == 0) |
|
311 BIO_printf(bio_err,"%s:failed in %s\n", |
|
312 str,SSL_state_string_long(s)); |
|
313 else if (ret < 0) |
|
314 { |
|
315 BIO_printf(bio_err,"%s:error in %s\n", |
|
316 str,SSL_state_string_long(s)); |
|
317 } |
|
318 } |
|
319 } |
|
320 |
|
321 |
|
322 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) |
|
323 { |
|
324 BIO *bio = arg; |
|
325 const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; |
|
326 |
|
327 str_write_p = write_p ? ">>>" : "<<<"; |
|
328 |
|
329 switch (version) |
|
330 { |
|
331 case SSL2_VERSION: |
|
332 str_version = "SSL 2.0"; |
|
333 break; |
|
334 case SSL3_VERSION: |
|
335 str_version = "SSL 3.0 "; |
|
336 break; |
|
337 case TLS1_VERSION: |
|
338 str_version = "TLS 1.0 "; |
|
339 break; |
|
340 default: |
|
341 str_version = "???"; |
|
342 } |
|
343 |
|
344 if (version == SSL2_VERSION) |
|
345 { |
|
346 str_details1 = "???"; |
|
347 |
|
348 if (len > 0) |
|
349 { |
|
350 switch (((const unsigned char*)buf)[0]) |
|
351 { |
|
352 case 0: |
|
353 str_details1 = ", ERROR:"; |
|
354 str_details2 = " ???"; |
|
355 if (len >= 3) |
|
356 { |
|
357 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; |
|
358 |
|
359 switch (err) |
|
360 { |
|
361 case 0x0001: |
|
362 str_details2 = " NO-CIPHER-ERROR"; |
|
363 break; |
|
364 case 0x0002: |
|
365 str_details2 = " NO-CERTIFICATE-ERROR"; |
|
366 break; |
|
367 case 0x0004: |
|
368 str_details2 = " BAD-CERTIFICATE-ERROR"; |
|
369 break; |
|
370 case 0x0006: |
|
371 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; |
|
372 break; |
|
373 } |
|
374 } |
|
375 |
|
376 break; |
|
377 case 1: |
|
378 str_details1 = ", CLIENT-HELLO"; |
|
379 break; |
|
380 case 2: |
|
381 str_details1 = ", CLIENT-MASTER-KEY"; |
|
382 break; |
|
383 case 3: |
|
384 str_details1 = ", CLIENT-FINISHED"; |
|
385 break; |
|
386 case 4: |
|
387 str_details1 = ", SERVER-HELLO"; |
|
388 break; |
|
389 case 5: |
|
390 str_details1 = ", SERVER-VERIFY"; |
|
391 break; |
|
392 case 6: |
|
393 str_details1 = ", SERVER-FINISHED"; |
|
394 break; |
|
395 case 7: |
|
396 str_details1 = ", REQUEST-CERTIFICATE"; |
|
397 break; |
|
398 case 8: |
|
399 str_details1 = ", CLIENT-CERTIFICATE"; |
|
400 break; |
|
401 } |
|
402 } |
|
403 } |
|
404 |
|
405 if (version == SSL3_VERSION || version == TLS1_VERSION) |
|
406 { |
|
407 switch (content_type) |
|
408 { |
|
409 case 20: |
|
410 str_content_type = "ChangeCipherSpec"; |
|
411 break; |
|
412 case 21: |
|
413 str_content_type = "Alert"; |
|
414 break; |
|
415 case 22: |
|
416 str_content_type = "Handshake"; |
|
417 break; |
|
418 } |
|
419 |
|
420 if (content_type == 21) /* Alert */ |
|
421 { |
|
422 str_details1 = ", ???"; |
|
423 |
|
424 if (len == 2) |
|
425 { |
|
426 switch (((const unsigned char*)buf)[0]) |
|
427 { |
|
428 case 1: |
|
429 str_details1 = ", warning"; |
|
430 break; |
|
431 case 2: |
|
432 str_details1 = ", fatal"; |
|
433 break; |
|
434 } |
|
435 |
|
436 str_details2 = " ???"; |
|
437 switch (((const unsigned char*)buf)[1]) |
|
438 { |
|
439 case 0: |
|
440 str_details2 = " close_notify"; |
|
441 break; |
|
442 case 10: |
|
443 str_details2 = " unexpected_message"; |
|
444 break; |
|
445 case 20: |
|
446 str_details2 = " bad_record_mac"; |
|
447 break; |
|
448 case 21: |
|
449 str_details2 = " decryption_failed"; |
|
450 break; |
|
451 case 22: |
|
452 str_details2 = " record_overflow"; |
|
453 break; |
|
454 case 30: |
|
455 str_details2 = " decompression_failure"; |
|
456 break; |
|
457 case 40: |
|
458 str_details2 = " handshake_failure"; |
|
459 break; |
|
460 case 42: |
|
461 str_details2 = " bad_certificate"; |
|
462 break; |
|
463 case 43: |
|
464 str_details2 = " unsupported_certificate"; |
|
465 break; |
|
466 case 44: |
|
467 str_details2 = " certificate_revoked"; |
|
468 break; |
|
469 case 45: |
|
470 str_details2 = " certificate_expired"; |
|
471 break; |
|
472 case 46: |
|
473 str_details2 = " certificate_unknown"; |
|
474 break; |
|
475 case 47: |
|
476 str_details2 = " illegal_parameter"; |
|
477 break; |
|
478 case 48: |
|
479 str_details2 = " unknown_ca"; |
|
480 break; |
|
481 case 49: |
|
482 str_details2 = " access_denied"; |
|
483 break; |
|
484 case 50: |
|
485 str_details2 = " decode_error"; |
|
486 break; |
|
487 case 51: |
|
488 str_details2 = " decrypt_error"; |
|
489 break; |
|
490 case 60: |
|
491 str_details2 = " export_restriction"; |
|
492 break; |
|
493 case 70: |
|
494 str_details2 = " protocol_version"; |
|
495 break; |
|
496 case 71: |
|
497 str_details2 = " insufficient_security"; |
|
498 break; |
|
499 case 80: |
|
500 str_details2 = " internal_error"; |
|
501 break; |
|
502 case 90: |
|
503 str_details2 = " user_canceled"; |
|
504 break; |
|
505 case 100: |
|
506 str_details2 = " no_renegotiation"; |
|
507 break; |
|
508 } |
|
509 } |
|
510 } |
|
511 |
|
512 if (content_type == 22) /* Handshake */ |
|
513 { |
|
514 str_details1 = "???"; |
|
515 |
|
516 if (len > 0) |
|
517 { |
|
518 switch (((const unsigned char*)buf)[0]) |
|
519 { |
|
520 case 0: |
|
521 str_details1 = ", HelloRequest"; |
|
522 break; |
|
523 case 1: |
|
524 str_details1 = ", ClientHello"; |
|
525 break; |
|
526 case 2: |
|
527 str_details1 = ", ServerHello"; |
|
528 break; |
|
529 case 11: |
|
530 str_details1 = ", Certificate"; |
|
531 break; |
|
532 case 12: |
|
533 str_details1 = ", ServerKeyExchange"; |
|
534 break; |
|
535 case 13: |
|
536 str_details1 = ", CertificateRequest"; |
|
537 break; |
|
538 case 14: |
|
539 str_details1 = ", ServerHelloDone"; |
|
540 break; |
|
541 case 15: |
|
542 str_details1 = ", CertificateVerify"; |
|
543 break; |
|
544 case 16: |
|
545 str_details1 = ", ClientKeyExchange"; |
|
546 break; |
|
547 case 20: |
|
548 str_details1 = ", Finished"; |
|
549 break; |
|
550 } |
|
551 } |
|
552 } |
|
553 } |
|
554 |
|
555 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); |
|
556 |
|
557 if (len > 0) |
|
558 { |
|
559 size_t num, i; |
|
560 |
|
561 BIO_printf(bio, " "); |
|
562 num = len; |
|
563 #if 0 |
|
564 if (num > 16) |
|
565 num = 16; |
|
566 #endif |
|
567 for (i = 0; i < num; i++) |
|
568 { |
|
569 if (i % 16 == 0 && i > 0) |
|
570 BIO_printf(bio, "\n "); |
|
571 BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); |
|
572 } |
|
573 if (i < len) |
|
574 BIO_printf(bio, " ..."); |
|
575 BIO_printf(bio, "\n"); |
|
576 } |
|
577 (void)BIO_flush(bio); |
|
578 } |
|
579 |
|
580 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, |
|
581 unsigned char *data, int len, |
|
582 void *arg) |
|
583 { |
|
584 BIO *bio = arg; |
|
585 char *extname; |
|
586 |
|
587 switch(type) |
|
588 { |
|
589 case TLSEXT_TYPE_server_name: |
|
590 extname = "server name"; |
|
591 break; |
|
592 |
|
593 case TLSEXT_TYPE_max_fragment_length: |
|
594 extname = "max fragment length"; |
|
595 break; |
|
596 |
|
597 case TLSEXT_TYPE_client_certificate_url: |
|
598 extname = "client certificate URL"; |
|
599 break; |
|
600 |
|
601 case TLSEXT_TYPE_trusted_ca_keys: |
|
602 extname = "trusted CA keys"; |
|
603 break; |
|
604 |
|
605 case TLSEXT_TYPE_truncated_hmac: |
|
606 extname = "truncated HMAC"; |
|
607 break; |
|
608 |
|
609 case TLSEXT_TYPE_status_request: |
|
610 extname = "status request"; |
|
611 break; |
|
612 |
|
613 case TLSEXT_TYPE_elliptic_curves: |
|
614 extname = "elliptic curves"; |
|
615 break; |
|
616 |
|
617 case TLSEXT_TYPE_ec_point_formats: |
|
618 extname = "EC point formats"; |
|
619 break; |
|
620 |
|
621 case TLSEXT_TYPE_session_ticket: |
|
622 extname = "server ticket"; |
|
623 break; |
|
624 |
|
625 |
|
626 default: |
|
627 extname = "unknown"; |
|
628 break; |
|
629 |
|
630 } |
|
631 |
|
632 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", |
|
633 client_server ? "server": "client", |
|
634 extname, type, len); |
|
635 BIO_dump(bio, (char *)data, len); |
|
636 (void)BIO_flush(bio); |
|
637 } |