From: Petr Štetiar Date: Tue, 22 Feb 2022 12:59:27 +0000 (+0100) Subject: ustream-openssl: wolfSSL: provide detailed information in debug builds X-Git-Url: http://git.openwrt.org/?p=project%2Fustream-ssl.git;a=commitdiff_plain;h=584f1f6bf5e30cf74358505972b0d4634885b5b6 ustream-openssl: wolfSSL: provide detailed information in debug builds Show detailed information about the session/peer in debug builds: $ wget https://letsencrypt.org Alternate cert chain used issuer : /C=US/O=Let's Encrypt/CN=R3 subject: /CN=lencr.org altname = lencr.org altname = letsencrypt.com altname = letsencrypt.org altname = www.lencr.org altname = www.letsencrypt.com altname = www.letsencrypt.org serial number:03:4e:29:5a:d6:74:ae:fd:51:cd:0d:61:11:f9:e3:e3:bd:88 Certificate: ...snip... our cert info: No Cert Peer verify result = 39 SSL version is TLSv1.3 SSL cipher suite is TLS_AES_256_GCM_SHA384 SSL curve name is SECP256R1 Alternate cert chain used As it makes debugging issues like #9283 easier. Signed-off-by: Petr Štetiar --- diff --git a/CMakeLists.txt b/CMakeLists.txt index f53e726..2de6590 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -42,6 +42,8 @@ TARGET_LINK_LIBRARIES(ustream-example-server ustream-ssl) ADD_EXECUTABLE(ustream-example-client ustream-example-client.c) TARGET_LINK_LIBRARIES(ustream-example-client ustream-ssl) +TARGET_COMPILE_DEFINITIONS(ustream-ssl PRIVATE $<$:DEBUG>) + INSTALL(FILES ustream-ssl.h DESTINATION include/libubox ) diff --git a/ustream-openssl.c b/ustream-openssl.c index 894dddb..6dae4ae 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -25,6 +25,10 @@ #include #endif +#if defined(HAVE_WOLFSSL) && defined(DEBUG) +#include +#endif + /* Ciphersuite preference: * - for server, no weak ciphers are used if you use an ECDSA key. * - forward-secret (pfs), authenticated (AEAD) ciphers are at the top: @@ -268,6 +272,10 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) X509 *cert; int res; +#if defined(HAVE_WOLFSSL) && defined(DEBUG) + showPeer(ssl); +#endif + res = SSL_get_verify_result(ssl); if (res != X509_V_OK) { if (us->notify_verify_error)