*/
/********************************************************/
/* */
+/* Procedure to get the cipher name used in cypted */
+/* mode. */
+/* */
+/********************************************************/
+PUBLIC const char *soc_get_cipher_name(SOCPTR *socptr)
+
+{
+const char *cipher;
+SOCTYP *soc;
+
+cipher="Unknown";
+soc=(SOCTYP *)socptr;
+if (soc!=(SOCTYP *)0) {
+ const char *ptr;
+
+ if ((ptr=SSL_get_cipher_name(soc->tls->ssl))!=(const char *)0)
+ cipher=ptr;
+ }
+return cipher;
+}
+/*
+^L
+*/
+/********************************************************/
+/* */
/* Procedure to return the socket mode as a string */
/* */
/********************************************************/
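Review bot: The guard in the new soc_get_cipher_name checks only that socptr is non-null and then dereferences `soc->tls->ssl` and passes it to SSL_get_cipher_name; if the link is still in cleartext mode and `soc->tls` or `soc->tls->ssl` is null (whether that state can occur is not visible in this hunk), the call dereferences a null pointer inside OpenSSL instead of falling back to "Unknown". The only caller in this commit invokes it right after a successful soc_starttls, but the header now exports it for general use, so the guard should cover the TLS state as well, e.g. `if (soc!=(SOCTYP *)0 && soc->tls!=NULL && soc->tls->ssl!=(SSL *)0) {`. Note also that OpenSSL's SSL_get_cipher_name returns the literal string "(NONE)" rather than NULL when no cipher has been negotiated, so the NULL test on `ptr` will rarely select the fallback; document that the caller may see "(NONE)". The block comment at the top has a typo, `cypted` for `crypted`.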
//procedure to initiate crypted mode on plain channel
extern _Bool soc_starttls(SOCPTR *socptr,_Bool server,const char *certs[3]);
-//return flag true if socet is in crypted mode
+//return flag true if socket is in crypted mode
extern _Bool soc_iscrypted(SOCPTR *socptr);
+//return the cipher mame used on the crypted link
+extern const char *soc_get_cipher_name(SOCPTR *socptr);
+
//return line socket mode (cleartext, crypted)
extern const char *soc_getstrmode(SOCPTR *socptr);
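Review bot: The comment added for the new declaration has a typo, `mame` for `name`; it should read `//return the cipher name used on the crypted link`. It would also help callers to state what the function returns when the link is not in crypted mode, since the cleartext case is not described anywhere in the header.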
case c_starttls : //EHLO start encrypted link in server mode
switch (soc_starttls(contact->socptr,true,srvr_certs)) {
case true : //link now in TLS crypted mode
- (void) transmit(contact,"%d Link now encrypted",CMDOK);
+ (void) transmit(contact,"%d Link now encrypted (cipher=<%s>)",
+ CMDOK,soc_get_cipher_name(contact->socptr));
break;
case false : //unable to establish link
(void) transmit(contact,"%d 5.3.3 command starttls not successful",
proceed=true;
while (proceed==true) {
switch (phase) {
- case 0 : //get remote certificate
+ case 0 : //do we need to check peer
+ if (tls->checkpeer==false)
+ phase=999; //No need to check certificate
+ break;
+ case 1 : //get remote certificate
if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
char msg[200];
phase=999; //no need to go furter
}
break;
- case 1 : //displaying certificate
+ case 2 : //displaying certificate
if (peer!=(X509 *)0) { //always
char *line;
(void) free(line);
}
break;
- case 3 : { //verifying certificate
+ case 3 : //everything is fine
+ (void) X509_free(peer);
+ ok=true;
+ break;
+ case 4 : { //verifying certificate
int verif;
verif=SSL_get_verify_result(tls->ssl);
}
}
break;
- case 2 : //everything is fine
- (void) X509_free(peer);
- ok=true;
+ case 5 : //display cipher used
break;
default : //SAFE Guard
proceed=false;
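Review bot: After the renumbering, `ok=true` is still assigned (new case 3) before the certificate is verified by SSL_get_verify_result (new case 4), and the added case 0 jumps straight to phase 999 when `checkpeer` is false; unless case 4 resets `ok` on a bad verify result, or `ok` starts out false and case 0 is a deliberate accept, a peer that fails verification is still reported as accepted. Neither is visible here: the enclosing function starts and ends outside this hunk and lines are elided between the shown ones, so this is hedged, but the commit keeps the pre-existing order and now adds a second path that bypasses verification entirely. A fail-closed arrangement sets `ok` only after the verify result has been inspected, e.g. in case 4 `ok=(verif==X509_V_OK);` with the `X509_free(peer)` moved after it, leaving the 'everything is fine' state with nothing to do but advance. Also worth confirming: when `checkpeer` is true the new case 0 does not change `phase`, so the loop depends on a `phase++` outside the visible lines to make progress.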
typedef struct {
_Bool server; //SSL server/client mode
+ _Bool checkpeer;//Check peer certificate
_Bool goteof; //SSL End Of File
_Bool tls; //link in TLS (crypted) mode
BIO *bio; //SSL Basic IO
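Review bot: The new `checkpeer` flag decides whether the peer certificate is verified at all, so its initial value matters: nothing in this diff shows where it is set, and if the struct is allocated without zero-initialisation the field is indeterminate, which can silently skip verification. Make the default explicit where the struct is created (e.g. `tls->checkpeer=true;`, or allocate with calloc and document in the comment that zero means no check), and align the field comment with its neighbours: `_Bool checkpeer; //Check peer certificate`.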