From d5760e0d6a05b7a13bdb044018b2334c69d6cfdf Mon Sep 17 00:00:00 2001
From: Travis Cross
Date: Fri, 28 Feb 2014 20:28:33 +0000
Subject: [PATCH] Show TLS cipher suite selected in sofia debug

This shows the cipher name, TLS version, the number of cipher bits and algorithm bits, and a description of the cipher in Sofia's debug logging output on level 9.
---
 .../libsofia-sip-ua/tport/tport_tls.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
index d6b9b324ce..a63963b58e 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -542,11 +542,30 @@ su_inline
 int tls_post_connection_check(tport_t *self, tls_t *tls)
 {
 X509 *cert;
+ const SSL_CIPHER *cipher;
+ char cipher_description[256];
+ int cipher_bits, alg_bits;
 int extcount;
 int i, j, error;

 if (!tls) return -1;

+ if (!(cipher = SSL_get_current_cipher(tls->con))) {
+ SU_DEBUG_7(("%s(%p): %s\n", __func__, (void*)self,
+ "OpenSSL failed to return an SSL_CIPHER object to us."));
+ return SSL_ERROR_SSL;
+ }
+ SU_DEBUG_9(("%s(%p): TLS cipher chosen (name): %s\n", __func__, (void*)self,
+ SSL_CIPHER_get_name(cipher)));
+ SU_DEBUG_9(("%s(%p): TLS cipher chosen (version): %s\n", __func__, (void*)self,
+ SSL_CIPHER_get_version(cipher)));
+ cipher_bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+ SU_DEBUG_9(("%s(%p): TLS cipher chosen (bits/alg_bits): %d/%d\n", __func__, (void*)self,
+ cipher_bits, alg_bits));
+ SSL_CIPHER_description(cipher, cipher_description, sizeof(cipher_description));
+ SU_DEBUG_9(("%s(%p): TLS cipher chosen (description): %s\n", __func__, (void*)self,
+ cipher_description));
+
 cert = SSL_get_peer_certificate(tls->con);
 if (!cert) {
 SU_DEBUG_7(("%s(%p): Peer did not provide X.509 Certificate.\n",
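Review bot: The "(version)" debug line prints `SSL_CIPHER_get_version(cipher)`, which reports the protocol version tied to the cipher suite's definition rather than the version negotiated on this connection, so the two can differ. Someone reading level-9 output to confirm that a peer did not fall back to an old protocol needs `SSL_get_version(tls->con)` there, either instead or as an extra line. Separately, the new early exit returns `SSL_ERROR_SSL`, a value from the SSL_get_error() set, while the only other return visible in the hunk is `-1`. The rest of tls_post_connection_check lies outside the hunk, so it is worth confirming that callers treat that value as a failed check, and adding a comment such as `/* no negotiated cipher: treat as a failed connection check */` above the return.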