kike: add some OpenSSL information to debug log
parent
d5a153bbe3
commit
c3243c8f50
33
kike.c
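--- a/kike.c
+++ b/kike.c
@@ -3445,6 +3445,36 @@ irc_ssl_verify_callback (int verify_ok, X509_STORE_CTX *ctx)
 return 1;
 }
 
+static void
+irc_ssl_info_callback (const SSL *ssl, int where, int ret)
+{
+// For debugging only; provides us with the most important information
+
+struct str s;
+str_init (&s);
+
+if (where & SSL_CB_LOOP)
+str_append_printf (&s, "loop (%s) ",
+SSL_state_string_long (ssl));
+if (where & SSL_CB_EXIT)
+str_append_printf (&s, "exit (%d in %s) ", ret,
+SSL_state_string_long (ssl));
+
+if (where & SSL_CB_READ) str_append (&s, "read ");
+if (where & SSL_CB_WRITE) str_append (&s, "write ");
+
+if (where & SSL_CB_ALERT)
+str_append_printf (&s, "alert (%s: %s) ",
+SSL_alert_type_string_long (ret),
+SSL_alert_desc_string_long (ret));
+
+if (where & SSL_CB_HANDSHAKE_START) str_append (&s, "handshake start ");
+if (where & SSL_CB_HANDSHAKE_DONE) str_append (&s, "handshake done ");
+
+print_debug ("ssl <%p> %s", ssl, s.str);
+str_free (&s);
+}
+
 static bool
 irc_initialize_ssl_ctx (struct server_context *ctx,
 const char *cert_path, const char *key_path, struct error **e)
@@ -3462,6 +3492,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
 // XXX: maybe we should call SSL_CTX_set_options() for some workarounds
 
+if (g_debug_mode)
+SSL_CTX_set_info_callback (ctx->ssl_ctx, irc_ssl_info_callback);
+
 const unsigned char session_id_context[SSL_MAX_SSL_SESSION_ID_LENGTH]
 = PROGRAM_NAME;
 (void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,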
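Review bot: In irc_ssl_info_callback, `print_debug ("ssl <%p> %s", ssl, s.str);` passes a `const SSL *` to `%p`, which the C standard defines only for `void *`; cast the argument, `print_debug ("ssl <%p> %s", (void *) ssl, s.str);`. The same line writes a heap address into the debug log, so a log that is shared outside the operator's machine discloses part of the process memory layout; a per-connection identifier such as the socket descriptor would serve the same purpose if one is reachable from the callback. The callback is installed only when g_debug_mode is already set at the time irc_initialize_ssl_ctx runs, which is worth stating in the comment above the function; the body of irc_initialize_ssl_ctx continues outside the second hunk.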