_Bool connected;//soc is connected to remote
_Bool modtls; //soc is in TLS mode
TLSTYP *tls; //full TPS/SSL channel
+ char *cipherid; //Information on TLS crypting
int maxcarin; //absolute number within carin
char *EOL; //End of line marker
int carin; //number of char within incpt;
register SOCTYP *soc;
soc=(SOCTYP *)socptr;
+ soc->cipherid=rou_freestr(soc->cipherid);
soc->hostname=rou_freestr(soc->hostname);
soc->ip=rou_freestr(soc->ip);
soc->port=rou_freestr(soc->port);
break;
}
(void) tls_verify(soc->tls);
+ soc->cipherid=tls_getcipherid(soc->tls);
}
peerip=rou_freestr(peerip);
}
*/
/********************************************************/
/* */
+/* Procedure to build a ID string about the */
+/* encrypted connecion within TLS */
+/* */
+/********************************************************/
+PUBLIC char *tls_getcipherid(TLSTYP *tls)
+
+{
+#define OPEP "unitls.c:tls_getcipherid,"
+#define MXID 72
+
+char *cipherid;
+const SSL_CIPHER *cipher;
+const char *version;
+const char *name;
+const char *verif;
+int bits;
+int phase;
+_Bool proceed;
+
+cipherid=(char *)0;
+cipher=(const SSL_CIPHER *)0;
+version=(char *)0;
+name=(char *)0;
+verif=(char *)0;
+bits=0;
+phase=0;
+proceed=true;
+while (proceed==true) {
+ switch (phase) {
+ case 0 : //do we have a TLS
+ if ((tls==(TLSTYP *)0)||(tls->ssl==(SSL *)0)) {
+ (void) rou_alert(0,"%s TLS or SSL NULL (Bug?)",OPEP);
+ phase=999;
+ }
+ break;
+ case 1 : //do we have a TLS
+ if ((cipher=SSL_get_current_cipher(tls->ssl))==(const SSL_CIPHER *)0) {
+ (void) rou_alert(0,"%s Unable to get cypher (BUg?)",OPEP);
+ phase=999;
+ }
+ break;
+ case 2 : //do we have a TLS
+ version=SSL_CIPHER_get_version(cipher);
+ name=SSL_CIPHER_get_name(cipher);
+ bits=SSL_CIPHER_get_bits(cipher,0);
+ if (strcmp(version,"SSLv3")==0)
+ version="TLSv1/SSLv3";
+ break;
+ case 3 : //set verify mode
+ switch(SSL_get_verify_mode(tls->ssl)) {
+ case SSL_VERIFY_PEER :
+ //No break
+ case SSL_VERIFY_CLIENT_ONCE :
+ //No break
+ case (SSL_VERIFY_NONE) :
+ switch(SSL_get_verify_result(tls->ssl)) {
+ case (X509_V_OK) :
+ verif="OK";
+ break;
+ default :
+ verif="FAIL";
+ break;
+ }
+ break;
+ default :
+ verif="NO";
+ break;
+ }
+ break;
+ case 4 : //we have ALL data
+ cipherid=(char *)calloc(1,MXID);
+ (void) snprintf(cipherid,MXID,"version=%s cipher=%s bits=%d verify=%s",
+ version,name,bits,verif);
+ (void) rou_alert(0,"%s cipherid=<%s>",OPEP,cipherid);
+ break;
+ default : //SAFE Guard
+ proceed=false;
+ break;
+ }
+ phase++;
+ }
+return cipherid;
+#undef MXID
+#undef OPEP
+}
+/*
+^L
+*/
+/********************************************************/
+/* */
/* Procedure to verify remote certificate */
/* */
/********************************************************/
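Review bot: The verify-mode switch in phase 3 of tls_getcipherid compares the bitmask returned by SSL_get_verify_mode() against single flag values, so any combined mode (for example SSL_VERIFY_PEER with SSL_VERIFY_FAIL_IF_NO_PEER_CERT) falls to the default and is reported as `verify=NO`, while SSL_VERIFY_NONE is treated like enforced verification and can yield `verify=OK` — SSL_get_verify_result() returns X509_V_OK when no peer certificate was presented at all. Since this string is logged (the rou_alert in phase 4) and stored on the socket (the soc->cipherid assignment after tls_verify), an operator reading it would get a false picture of whether the peer was actually authenticated; testing the mask with `& SSL_VERIFY_PEER` and only then consulting the verify result gives a truthful label. In phase 4 the calloc result is passed straight to snprintf without a NULL check; `if (cipherid==(char *)0) { phase=999; break; }` before the snprintf would keep an allocation failure from becoming a crash. The meaning of the three labels (NO = verification not requested, OK/FAIL = result of the requested verification) is worth a one-line comment above the case so later readers do not re-introduce the enum-style comparison.
```c
 case 3 : //set verify mode: NO = not requested, OK/FAIL = outcome of requested verification
 if ((SSL_get_verify_mode(tls->ssl)&SSL_VERIFY_PEER)==0)
  verif="NO";
 else if (SSL_get_verify_result(tls->ssl)==X509_V_OK)
  verif="OK";
 else
  verif="FAIL";
 break;
 case 4 : //we have ALL data
 cipherid=(char *)calloc(1,MXID);
 if (cipherid==(char *)0) {
  (void) rou_alert(0,"%s Unable to allocate cipherid",OPEP);
  phase=999;
  break;
 }
 /* ... unchanged: snprintf and rou_alert of cipherid ... */
```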