diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp index 170974defa..05e0e608fe 100644 --- a/src/lib/plugin/ns/SecureSocket.cpp +++ b/src/lib/plugin/ns/SecureSocket.cpp @@ -39,10 +39,6 @@ static const int g_maxRetry = 1000; static const float g_retryDelay = 0.01f; -enum { - kMsgSize = 128 -}; - static const char kFingerprintDirName[] = "SSL/Fingerprints"; //static const char kFingerprintLocalFilename[] = "Local.txt"; static const char kFingerprintTrustedServersFilename[] = "TrustedServers.txt"; @@ -239,9 +235,11 @@ SecureSocket::initContext(bool server) // load all error messages SSL_load_error_strings(); - if (CLOG->getFilter() >= kINFO) { - showSecureLibInfo(); - } + LOG((CLOG_INFO "%s",SSLeay_version (SSLEAY_VERSION))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_CFLAGS))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_BUILT_ON))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_PLATFORM))); + LOG((CLOG_DEBUG2 "%s",SSLeay_version (SSLEAY_DIR))); // SSLv23_method uses TLSv1, with the ability to fall back to SSLv3 if (server) { @@ -301,8 +299,14 @@ SecureSocket::secureAccept(int socket) if (retry == 0) { m_secureReady = true; LOG((CLOG_INFO "accepted secure socket")); - showSecureCipherInfo(); - showSecureConnectInfo(); + const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); + if(cipher != NULL) { + char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); + if(cipherVersion != NULL) { + LOG((CLOG_INFO "%s", cipherVersion)); + OPENSSL_free(cipherVersion); + } + } return 1; } @@ -364,8 +368,14 @@ SecureSocket::secureConnect(int socket) return -1; // Fingerprint failed, error } LOG((CLOG_DEBUG2 "connected secure socket")); - showSecureCipherInfo(); - showSecureConnectInfo(); + const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); + if(cipher != NULL) { + char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); + if(cipherVersion != NULL) { + LOG((CLOG_INFO "%s", cipherVersion)); + OPENSSL_free(cipherVersion); + } + } return 1; } @@ -639,72 +649,3 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job, this, &SecureSocket::serviceAccept, getSocket(), isReadable(), isWritable()); } - -void -showCipherStackDesc(STACK_OF(SSL_CIPHER) * stack) { - char msg[kMsgSize]; - int i = 0; - for ( ; i < sk_SSL_CIPHER_num(stack) ; i++) { - const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(stack,i); - - SSL_CIPHER_description(cipher, msg, kMsgSize); - - // Why does SSL put a newline in the description? - int pos = (int)strlen(msg) - 1; - if (msg[pos] == '\n') { - msg[pos] = '\0'; - } - - LOG((CLOG_DEBUG1 "%s",msg)); - } -} - -void -SecureSocket::showSecureCipherInfo() -{ - STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl); - - if (sStack == NULL) { - LOG((CLOG_WARN "No ciphers available on server")); - } - else { - LOG((CLOG_DEBUG1 "Ciphers available on server:")); - showCipherStackDesc(sStack); - } - - // m_ssl->m_ssl->session->ciphers is not forward compatable, In future release - // of OpenSSL, it's not visible, need to use SSL_get_client_ciphers() instead - STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers; - if (cStack == NULL) { - LOG((CLOG_WARN "No ciphers available from client")); - } - else { - LOG((CLOG_DEBUG1 "Ciphers available on client:")); - showCipherStackDesc(cStack); - } - return; -} - -void -SecureSocket::showSecureLibInfo() -{ - LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_CFLAGS))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_BUILT_ON))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_PLATFORM))); - LOG((CLOG_DEBUG2 "%s",SSLeay_version(SSLEAY_DIR))); - return; -} - -void -SecureSocket::showSecureConnectInfo() -{ - const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); - - if (cipher != NULL) { - char msg[kMsgSize]; - SSL_CIPHER_description(cipher, msg, kMsgSize); - LOG((CLOG_INFO "%s", msg)); - } - return; -} diff --git a/src/lib/plugin/ns/SecureSocket.h b/src/lib/plugin/ns/SecureSocket.h index 871e1e4d72..15060816ea 100644 --- a/src/lib/plugin/ns/SecureSocket.h +++ b/src/lib/plugin/ns/SecureSocket.h @@ -77,10 +77,6 @@ private: serviceAccept(ISocketMultiplexerJob*, bool, bool, bool); - void showSecureConnectInfo(); - void showSecureLibInfo(); - void showSecureCipherInfo(); - private: Ssl* m_ssl; bool m_secureReady;