From ac53be439bb432fc8b0c939220687a695fca27c9 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Mon, 26 May 2025 10:05:48 -0400
Subject: [PATCH] Adding cipher information within SOCTYP->ciperid

---
 lib/devsoc.c | 3 ++
 lib/unitls.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/unitls.h | 4 +++
 3 files changed, 97 insertions(+)

diff --git a/lib/devsoc.c b/lib/devsoc.c
index 1de5f00..bb71daa 100644
--- a/lib/devsoc.c
+++ b/lib/devsoc.c
@@ -31,6 +31,7 @@ typedef struct {
 _Bool connected;//soc is connected to remote
 _Bool modtls; //soc is in TLS mode
 TLSTYP *tls; //full TPS/SSL channel
+ char *cipherid; //Information on TLS crypting
 int maxcarin; //absolute number within carin
 char *EOL; //End of line marker
 int carin; //number of char within incpt;
@@ -93,6 +94,7 @@ if (socptr!=(SOCPTR *)0) {
 register SOCTYP *soc;
 soc=(SOCTYP *)socptr;
+ soc->cipherid=rou_freestr(soc->cipherid);
 soc->hostname=rou_freestr(soc->hostname);
 soc->ip=rou_freestr(soc->ip);
 soc->port=rou_freestr(soc->port);
@@ -1475,6 +1477,7 @@ if ((soc!=(SOCTYP *)0)&&(soc->modtls==false)) {
 break;
 }
 (void) tls_verify(soc->tls);
+ soc->cipherid=tls_getcipherid(soc->tls);
 }
 peerip=rou_freestr(peerip);
 }
diff --git a/lib/unitls.c b/lib/unitls.c
index a706945..f4d2e93 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
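Review bot: `soc->cipherid=tls_getcipherid(soc->tls);` stores over the field without releasing a previous value, so if this TLS set-up path can run more than once on the same SOCTYP (a reconnect or a second handshake on a reused socket — not visible from the hunk) the earlier string leaks; the destructor hunk shows the project idiom, so release first with `soc->cipherid=rou_freestr(soc->cipherid);` immediately before the assignment. `tls_getcipherid` can return NULL and this store tolerates that, but the result of `tls_verify` on the preceding line is still discarded, which makes the `verify=` field inside `cipherid` the only record of the certificate check; a comment such as `//informational only, never an authorization decision` would keep a later reader from using it as one. The enclosing function starts and ends outside the hunk.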
@@ -349,6 +349,96 @@ while (proceed==true) {
 */
 /********************************************************/
 /* */
+/* Procedure to build a ID string about the */
+/* encrypted connecion within TLS */
+/* */
+/********************************************************/
+PUBLIC char *tls_getcipherid(TLSTYP *tls)
+
+{
+#define OPEP "unitls.c:tls_getcipherid,"
+#define MXID 72
+
+char *cipherid;
+const SSL_CIPHER *cipher;
+const char *version;
+const char *name;
+const char *verif;
+int bits;
+int phase;
+_Bool proceed;
+
+cipherid=(char *)0;
+cipher=(const SSL_CIPHER *)0;
+version=(char *)0;
+name=(char *)0;
+verif=(char *)0;
+bits=0;
+phase=0;
+proceed=true;
+while (proceed==true) {
+ switch (phase) {
+ case 0 : //do we have a TLS
+ if ((tls==(TLSTYP *)0)||(tls->ssl==(SSL *)0)) {
+ (void) rou_alert(0,"%s TLS or SSL NULL (Bug?)",OPEP);
+ phase=999;
+ }
+ break;
+ case 1 : //do we have a TLS
+ if ((cipher=SSL_get_current_cipher(tls->ssl))==(const SSL_CIPHER *)0) {
+ (void) rou_alert(0,"%s Unable to get cypher (BUg?)",OPEP);
+ phase=999;
+ }
+ break;
+ case 2 : //do we have a TLS
+ version=SSL_CIPHER_get_version(cipher);
+ name=SSL_CIPHER_get_name(cipher);
+ bits=SSL_CIPHER_get_bits(cipher,0);
+ if (strcmp(version,"SSLv3")==0)
+ version="TLSv1/SSLv3";
+ break;
+ case 3 : //set verify mode
+ switch(SSL_get_verify_mode(tls->ssl)) {
+ case SSL_VERIFY_PEER :
+ //No break
+ case SSL_VERIFY_CLIENT_ONCE :
+ //No break
+ case (SSL_VERIFY_NONE) :
+ switch(SSL_get_verify_result(tls->ssl)) {
+ case (X509_V_OK) :
+ verif="OK";
+ break;
+ default :
+ verif="FAIL";
+ break;
+ }
+ break;
+ default :
+ verif="NO";
+ break;
+ }
+ break;
+ case 4 : //we have ALL data
+ cipherid=(char *)calloc(1,MXID);
+ (void) snprintf(cipherid,MXID,"version=%s cipher=%s bits=%d verify=%s",
+ version,name,bits,verif);
+ (void) rou_alert(0,"%s cipherid=<%s>",OPEP,cipherid);
+ break;
+ default : //SAFE Guard
+ proceed=false;
+ break;
+ }
+ phase++;
+ }
+return cipherid;
+#undef MXID
+#undef OPEP
+}
+/*
+^L 
+*/ +/********************************************************/ +/* */ /* Procedure to verify remote certificate */ /* */ /********************************************************/ diff --git a/lib/unitls.h b/lib/unitls.h index 2292bee..5a05281 100644 --- a/lib/unitls.h +++ b/lib/unitls.h @@ -26,6 +26,10 @@ typedef struct { SSL *ssl; //SSL link }TLSTYP; +//procedure to report ll information about +//the TLS channel +extern char *tls_getcipherid(TLSTYP *tls); + //procedure to verify certificate linked to TLS channel extern _Bool tls_verify(TLSTYP *tls); -- 2.47.3