/* tls-info.h * * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ static const char* client_showpeer_msg[][8] = { /* English */ { "SSL version is", "SSL cipher suite is", "SSL curve name is", "SSL DH size is", "SSL reused session", "Alternate cert chain used", "peer's cert info:", NULL }, #ifndef NO_MULTIBYTE_PRINT /* Japanese */ { "SSL バージョンは", "SSL 暗号スイートは", "SSL 曲線名は", "SSL DH サイズは", "SSL 再利用セッション", "代替証明チェーンを使用", "相手方証明書情報", NULL }, #endif }; #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) static const char* client_showx509_msg[][5] = { /* English */ { "issuer", "subject", "altname", "serial number", NULL }, #ifndef NO_MULTIBYTE_PRINT /* Japanese */ { "発行者", "サブジェクト", "代替名", "シリアル番号", NULL }, #endif }; /* lng_index is to specify the language for displaying message. */ /* 0:English, 1:Japanese */ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, int lng_index) { char* altName; char* issuer; char* subject; byte serial[32]; int ret; int sz = sizeof(serial); const char** words = client_showx509_msg[lng_index]; if (x509 == NULL) { printf("%s No Cert\n", hdr); return; } issuer = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_issuer_name(x509), 0, 0); subject = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_subject_name(x509), 0, 0); printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject); while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) printf(" %s = %s\n", words[2], altName); ret = wolfSSL_X509_get_serial_number(x509, serial, &sz); if (ret == WOLFSSL_SUCCESS) { int i; int strLen; char serialMsg[80]; /* testsuite has multiple threads writing to stdout, get output message ready to write once */ strLen = sprintf(serialMsg, " %s", words[3]); for (i = 0; i < sz; i++) sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); printf("%s\n", serialMsg); } XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) { WOLFSSL_BIO* bio; char buf[256]; /* should be size of ASN_NAME_MAX */ int textSz; /* print out domain component if certificate has it */ textSz = wolfSSL_X509_NAME_get_text_by_NID( wolfSSL_X509_get_subject_name(x509), NID_domainComponent, buf, sizeof(buf)); if (textSz > 0) { printf("Domain Component = %s\n", buf); } bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); if (bio != NULL) { wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); wolfSSL_X509_print(bio, x509); wolfSSL_BIO_free(bio); } } #endif } #endif #if defined(SESSION_CERTS) && defined(SHOW_CERTS) static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count, const char* hdr) { int i; int length; unsigned char buffer[3072]; WOLFSSL_X509* chainX509; for (i = 0; i < count; i++) { wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length); buffer[length] = 0; printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer); chainX509 = wolfSSL_get_chain_X509(chain, i); if (chainX509) ShowX509(chainX509, hdr); else printf("get_chain_X509 failed\n"); wolfSSL_FreeX509(chainX509); } } #endif static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index) { WOLFSSL_CIPHER* cipher; const char** words = client_showpeer_msg[lng_index]; #ifdef HAVE_ECC const char *name; #endif #ifndef NO_DH int bits; #endif #ifdef KEEP_PEER_CERT WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); if (peer) ShowX509Ex(peer, words[6], lng_index); else printf("peer has no cert!\n"); wolfSSL_FreeX509(peer); #endif #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl)); #endif /* SHOW_CERTS */ printf("%s %s\n", words[0], wolfSSL_get_version(ssl)); cipher = wolfSSL_get_current_cipher(ssl); #ifdef HAVE_QSH printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "", wolfSSL_CIPHER_get_name(cipher)); #else printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher)); #endif #ifdef HAVE_ECC if ((name = wolfSSL_get_curve_name(ssl)) != NULL) printf("%s %s\n", words[2], name); #endif #ifndef NO_DH if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0) printf("%s %d bits\n", words[3], bits); #endif if (wolfSSL_session_reused(ssl)) printf("%s\n", words[4]); #ifdef WOLFSSL_ALT_CERT_CHAINS if (wolfSSL_is_peer_alt_cert_chain(ssl)) printf("%s\n", words[5]); #endif #if defined(SESSION_CERTS) && defined(SHOW_CERTS) { WOLFSSL_X509_CHAIN* chain; chain = wolfSSL_get_peer_chain(ssl); ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert"); #ifdef WOLFSSL_ALT_CERT_CHAINS if (wolfSSL_is_peer_alt_cert_chain(ssl)) { chain = wolfSSL_get_peer_alt_chain(ssl); ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert"); } #endif } #endif /* SESSION_CERTS && SHOW_CERTS */ (void)ssl; }