/*
 * Compare the OSStatus a test expected with the one it actually got.
 *
 * whichSide labels the diagnostic line ("client" or "server").
 * Returns 0 when the two codes are equal. Otherwise both codes are printed
 * to stdout as strings and 1 is returned.
 *
 * NOTE(review): both strings come from sslGetSSLErrString() inside a single
 * printf call. If that helper hands back shared static storage for some
 * codes, the two fields could end up showing the same text -- confirm
 * against its definition.
 */
int sslVerifyRtn(
	char		*whichSide,		// "client" or "server"
	OSStatus	expectRtn,
	OSStatus	gotRtn)
{
	if(expectRtn != gotRtn) {
		/* mismatch: report what was expected and what came back */
		printf("***%s: Expected return %s; got %s\n", whichSide,
			sslGetSSLErrString(expectRtn),
			sslGetSSLErrString(gotRtn));
		return 1;
	}
	return 0;
}
/*
 * Grab the current connection's peer certificates so they can be examined
 * after the connection has been closed.
 *
 * The array is handed back through *peerCerts; the original annotation
 * marks it as allocated by the call and returned to the caller, so the
 * caller presumably has to release it -- confirm.
 *
 * Returns the OSStatus from SSLGetPeerCertificates; a nonzero status is
 * also reported on stdout. This function performs no trust evaluation:
 * holding the array says nothing about whether the chain was accepted.
 */
static OSStatus copyPeerCerts(
	SSLContext 	*ctx,
	CFArrayRef	*peerCerts)		// mallocd & RETURNED
{
	OSStatus status = SSLGetPeerCertificates(ctx, peerCerts);

	if(!status) {
		return status;
	}
	printf("***Error obtaining peer certs: %s\n",
		sslGetSSLErrString(status));
	return status;
}
/*
 * Print a human-readable summary of one side's SSL test result to stdout.
 *
 * whichSide labels the report ("client" or "server"); params supplies the
 * values shown. params is dereferenced unconditionally, so it must not be
 * NULL.
 *
 * NOTE(review): the negotiated version and cipher suite are printed
 * whatever params->ortn is; after a failed handshake they presumably hold
 * whatever the caller left in them -- read them together with the
 * "Result" line.
 */
void sslShowResult(
	char				*whichSide,		// "client" or "server"
	SslAppTestParams	*params)
{
	printf("%s status:\n", whichSide);

	/* Either the allowed-protocols string or the single attempted version */
	if(!params->acceptedProts) {
		printf("   Attempted  SSL version : %s\n",
			sslGetProtocolVersionString(params->tryVersion));
	}
	else {
		printf("   Allowed SSL versions   : %s\n", params->acceptedProts);
	}

	printf("   Result                 : %s\n",
		sslGetSSLErrString(params->ortn));
	printf("   Negotiated SSL version : %s\n",
		sslGetProtocolVersionString(params->negVersion));
	printf("   Negotiated CipherSuite : %s\n",
		sslGetCipherSuiteString(params->negCipher));

	/* The client-cert line is omitted when the state is kSSLClientCertNone */
	if(params->certState == kSSLClientCertNone) {
		return;
	}
	printf("   Client Cert State      : %s\n",
		sslGetClientCertStateString(params->certState));
}
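/*
 * Print a summary of one SSL connection attempt to stdout and optionally
 * display and/or save the peer certificates.
 *
 * tryVersion        protocol version that was attempted
 * err               status of the attempt, shown on the "Result" line
 * negVersion        negotiated protocol version
 * negCipher         negotiated cipher suite
 * peerCerts         peer certificate array; NULL is reported as zero certs
 * displayPeerCerts  when set, the certs are passed to showPeerCerts()
 * fileBase          non-NULL: the certs are passed to writePeerCerts()
 *
 * NOTE(review): the negotiated version and cipher suite are printed
 * whatever err is; after a failed handshake they presumably hold whatever
 * the caller initialized them to -- read them together with "Result".
 * NOTE(review): the certificates come from the remote peer and nothing
 * here checks whether they were trusted; how writePeerCerts() derives file
 * names from fileBase is not visible here -- confirm before pointing it at
 * a shared directory.
 */
static void showSSLResult(
	SSLProtocol			tryVersion,
	OSStatus			err,
	SSLProtocol			negVersion,
	SSLCipherSuite		negCipher,
	CFArrayRef			peerCerts,
	CSSM_BOOL			displayPeerCerts,
	char				*fileBase)		// non-NULL: write certs to file
{
	CFIndex numPeerCerts;
	
	printf("\n");
	printf("   Attempted  SSL version : %s\n", 
		sslGetProtocolVersionString(tryVersion));
	printf("   Result                 : %s\n", sslGetSSLErrString(err));
	printf("   Negotiated SSL version : %s\n", 
		sslGetProtocolVersionString(negVersion));
	printf("   Negotiated CipherSuite : %s\n",
		sslGetCipherSuiteString(negCipher));

	/* CFArrayGetCount is only called on a non-NULL array */
	numPeerCerts = (peerCerts != NULL) ? CFArrayGetCount(peerCerts) : 0;

	/*
	 * CFIndex is not an int, so passing it to %d is a mismatched
	 * conversion (undefined behavior). Cast to long and print with %ld.
	 */
	printf("   Number of peer certs : %ld\n", (long)numPeerCerts);
	if(numPeerCerts != 0) {
		if(displayPeerCerts) {
			showPeerCerts(peerCerts, CSSM_FALSE);
		}
		if(fileBase != NULL) {
			writePeerCerts(peerCerts, fileBase);
		}
	}
	printf("\n");
}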
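/*
 * Print a summary of one SSL connection attempt to stdout, including
 * session-resumption status, and optionally display and/or save the peer
 * certificates.
 *
 * tryVersion         attempted protocol version (shown when acceptedProts
 *                    is NULL)
 * acceptedProts      non-NULL: string of allowed versions, shown instead
 * err                status of the attempt, shown on the "Result" line
 * negVersion         negotiated protocol version
 * negCipher          negotiated cipher suite
 * sessionWasResumed  when set, the session ID is dumped in hex
 * sessionID          session ID bytes; NULL is treated as zero length
 * sessionIDLength    number of bytes at sessionID
 * peerCerts          peer certificate array; NULL is reported as zero certs
 * displayPeerCerts   when set, the certs are passed to showPeerCerts()
 * certState          client cert state; line omitted for kSSLClientCertNone
 * fileBase           non-NULL: the certs are passed to writePeerCerts()
 *
 * NOTE(review): the negotiated version and cipher suite are printed
 * whatever err is; after a failed handshake they presumably hold whatever
 * the caller initialized them to -- read them together with "Result".
 * NOTE(review): the certificates come from the remote peer and nothing
 * here checks whether they were trusted; how writePeerCerts() derives file
 * names from fileBase is not visible here -- confirm before pointing it at
 * a shared directory.
 */
static void showSSLResult(
	SSLProtocol			tryVersion,
	char				*acceptedProts,
	OSStatus			err,
	SSLProtocol			negVersion,
	SSLCipherSuite		negCipher,
	Boolean				sessionWasResumed,	
	unsigned char		*sessionID,			
	size_t				sessionIDLength,	
	CFArrayRef			peerCerts,
	bool			displayPeerCerts,
	SSLClientCertificateState	certState,
	char				*fileBase)		// non-NULL: write certs to file
{
	CFIndex numPeerCerts;
	/* Never read through a NULL sessionID, whatever length was passed */
	const size_t idLen = (sessionID != NULL) ? sessionIDLength : 0;
	
	printf("\n");
	if(acceptedProts) {
		printf("   Allowed SSL versions   : %s\n", acceptedProts);
	}
	else {
		printf("   Attempted  SSL version : %s\n", 
			sslGetProtocolVersionString(tryVersion));
	}
	printf("   Result                 : %s\n", sslGetSSLErrString(err));
	printf("   Negotiated SSL version : %s\n", 
		sslGetProtocolVersionString(negVersion));
	printf("   Negotiated CipherSuite : %s\n",
		sslGetCipherSuiteString(negCipher));
	if(certState != kSSLClientCertNone) {
		printf("   Client Cert State      : %s\n",
			sslGetClientCertStateString(certState));
	}
	printf("   Resumed Session        : ");
	if(sessionWasResumed) {
		/*
		 * Hex dump, eight bytes per row. The index is a size_t so it
		 * cannot wrap before reaching a size_t length.
		 */
		for(size_t dex=0; dex<idLen; dex++) {
			printf("%02X ", sessionID[dex]);
			/* start a new aligned row after every 8th byte except the last */
			if(((dex % 8) == 7) && (dex != (idLen - 1))) {
				printf("\n                            ");
			}
		}
		printf("\n");
	}
	else {
		printf("NOT RESUMED\n");
	}

	/* CFArrayGetCount is only called on a non-NULL array */
	numPeerCerts = (peerCerts != NULL) ? CFArrayGetCount(peerCerts) : 0;

	/*
	 * CFIndex is a signed type, so %lu is a mismatched conversion.
	 * Cast to long and print with %ld.
	 */
	printf("   Number of peer certs : %ld\n", (long)numPeerCerts);
	if(numPeerCerts != 0) {
		if(displayPeerCerts) {
			showPeerCerts(peerCerts, false);
		}
		if(fileBase != NULL) {
			writePeerCerts(peerCerts, fileBase);
		}
	}
	printf("\n");
}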
/*
 * Print "*** <op>: <error string>" on stdout, where the error string is
 * whatever sslGetSSLErrString() returns for err.
 *
 * op is printed with %s and must be a valid NUL-terminated string.
 */
void printSslErrStr(
	const char 	*op,
	OSStatus 	err)
{
	const char *errText = sslGetSSLErrString(err);

	printf("*** %s: %s\n", op, errText);
}