/*
 * Compare the OSStatus a test expected with the one it actually got.
 *
 * whichSide  - label used in the diagnostic, "client" or "server"
 * expectRtn  - status the test case expects
 * gotRtn     - status actually returned
 *
 * Returns 0 when the two values match, 1 (after printing a diagnostic to
 * stdout) when they differ.
 */
int sslVerifyRtn(
    char        *whichSide,     // "client" or "server"
    OSStatus    expectRtn,
    OSStatus    gotRtn)
{
    int mismatch = (expectRtn != gotRtn);

    if (mismatch) {
        /*
         * NOTE(review): both strings come from sslGetSSLErrString() within
         * one argument list; if that helper hands back shared static storage
         * for unrecognised codes, the two values could alias -- confirm.
         */
        printf("***%s: Expected return %s; got %s\n",
               whichSide,
               sslGetSSLErrString(expectRtn),
               sslGetSSLErrString(gotRtn));
    }
    return mismatch;
}
/*
 * Grab the current connection's peer certificates so they can still be
 * inspected once the connection has been closed.
 *
 * ctx        - SSL context of the live connection
 * peerCerts  - receives the array from SSLGetPeerCertificates(); allocated
 *              on behalf of the caller and RETURNED, so the caller owns it
 *
 * Returns the OSStatus from SSLGetPeerCertificates(); a non-zero value is
 * reported on stdout and passed back unchanged.
 *
 * This only copies what the peer presented -- nothing here evaluates trust,
 * so a successful return says nothing about whether the chain is valid.
 * NOTE(review): confirm against the SecureTransport header whether the
 * array elements need releasing separately from the array itself.
 */
static OSStatus copyPeerCerts(
    SSLContext  *ctx,
    CFArrayRef  *peerCerts)     // mallocd & RETURNED
{
    OSStatus status = SSLGetPeerCertificates(ctx, peerCerts);

    if (status != 0) {
        printf("***Error obtaining peer certs: %s\n",
               sslGetSSLErrString(status));
    }
    return status;
}
/*
 * Print a human-readable summary of one side's session outcome to stdout.
 *
 * whichSide  - label for the heading, "client" or "server"
 * params     - test parameters/results for that side; the fields read here
 *              are acceptedProts, tryVersion, ortn, negVersion, negCipher
 *              and certState
 *
 * The negotiated protocol version and cipher suite are the lines to check
 * when confirming that a test did not fall back to something weaker than
 * intended.
 */
void sslShowResult(
    char                *whichSide,     // "client" or "server"
    SslAppTestParams    *params)
{
    printf("%s status:\n", whichSide);

    /* An explicit allow-list of protocols takes precedence over tryVersion. */
    if (params->acceptedProts == NULL) {
        printf(" Attempted SSL version : %s\n",
               sslGetProtocolVersionString(params->tryVersion));
    } else {
        printf(" Allowed SSL versions : %s\n", params->acceptedProts);
    }

    printf(" Result : %s\n", sslGetSSLErrString(params->ortn));
    printf(" Negotiated SSL version : %s\n",
           sslGetProtocolVersionString(params->negVersion));
    printf(" Negotiated CipherSuite : %s\n",
           sslGetCipherSuiteString(params->negCipher));

    /* Client-cert state is only shown when client auth was involved. */
    if (params->certState == kSSLClientCertNone) {
        return;
    }
    printf(" Client Cert State : %s\n",
           sslGetClientCertStateString(params->certState));
}
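/*
 * Print the outcome of one SSL connection attempt to stdout and optionally
 * display and/or save the peer's certificates.
 *
 * tryVersion        - protocol version the test attempted
 * err               - final status of the attempt
 * negVersion        - protocol version actually negotiated
 * negCipher         - cipher suite actually negotiated
 * peerCerts         - peer certificate array, may be NULL
 * displayPeerCerts  - when true, dump the certs via showPeerCerts()
 * fileBase          - non-NULL: write certs to file via writePeerCerts()
 *
 * The certificates shown/written are whatever the peer sent; this routine
 * performs no trust evaluation on them.
 */
static void showSSLResult(
    SSLProtocol         tryVersion,
    OSStatus            err,
    SSLProtocol         negVersion,
    SSLCipherSuite      negCipher,
    CFArrayRef          peerCerts,
    CSSM_BOOL           displayPeerCerts,
    char                *fileBase)      // non-NULL: write certs to file
{
    CFIndex numPeerCerts = (peerCerts != NULL) ? CFArrayGetCount(peerCerts) : 0;

    printf("\n");
    printf(" Attempted SSL version : %s\n",
           sslGetProtocolVersionString(tryVersion));
    printf(" Result : %s\n", sslGetSSLErrString(err));
    printf(" Negotiated SSL version : %s\n",
           sslGetProtocolVersionString(negVersion));
    printf(" Negotiated CipherSuite : %s\n",
           sslGetCipherSuiteString(negCipher));

    /*
     * CFIndex is not an int; the previous "%d" conversion mismatched the
     * argument type. Cast to long and print with %ld so the conversion is
     * well-defined regardless of CFIndex's width.
     */
    printf(" Number of peer certs : %ld\n", (long)numPeerCerts);

    if (numPeerCerts != 0) {
        if (displayPeerCerts) {
            showPeerCerts(peerCerts, CSSM_FALSE);
        }
        if (fileBase != NULL) {
            writePeerCerts(peerCerts, fileBase);
        }
    }
    printf("\n");
}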
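/*
 * Print the outcome of one SSL connection attempt to stdout, including
 * session-resumption details, and optionally display and/or save the
 * peer's certificates.
 *
 * tryVersion        - protocol version attempted (shown when acceptedProts
 *                     is NULL)
 * acceptedProts     - non-NULL: string describing the allowed versions
 * err               - final status of the attempt
 * negVersion        - protocol version actually negotiated
 * negCipher         - cipher suite actually negotiated
 * sessionWasResumed - true if the session was resumed
 * sessionID         - session ID bytes, dumped as hex when resumed
 * sessionIDLength   - number of bytes at sessionID
 * peerCerts         - peer certificate array, may be NULL
 * displayPeerCerts  - when true, dump the certs via showPeerCerts()
 * certState         - client certificate state; printed unless it is
 *                     kSSLClientCertNone
 * fileBase          - non-NULL: write certs to file via writePeerCerts()
 *
 * The certificates shown/written are whatever the peer sent; this routine
 * performs no trust evaluation on them.
 */
static void showSSLResult(
    SSLProtocol                 tryVersion,
    char                        *acceptedProts,
    OSStatus                    err,
    SSLProtocol                 negVersion,
    SSLCipherSuite              negCipher,
    Boolean                     sessionWasResumed,
    unsigned char               *sessionID,
    size_t                      sessionIDLength,
    CFArrayRef                  peerCerts,
    bool                        displayPeerCerts,
    SSLClientCertificateState   certState,
    char                        *fileBase)      // non-NULL: write certs to file
{
    CFIndex numPeerCerts = (peerCerts != NULL) ? CFArrayGetCount(peerCerts) : 0;

    printf("\n");
    if (acceptedProts) {
        printf(" Allowed SSL versions : %s\n", acceptedProts);
    } else {
        printf(" Attempted SSL version : %s\n",
               sslGetProtocolVersionString(tryVersion));
    }
    printf(" Result : %s\n", sslGetSSLErrString(err));
    printf(" Negotiated SSL version : %s\n",
           sslGetProtocolVersionString(negVersion));
    printf(" Negotiated CipherSuite : %s\n",
           sslGetCipherSuiteString(negCipher));
    if (certState != kSSLClientCertNone) {
        printf(" Client Cert State : %s\n",
               sslGetClientCertStateString(certState));
    }

    printf(" Resumed Session : ");
    if (sessionWasResumed) {
        /*
         * Never read through a NULL sessionID, whatever length the caller
         * passed. The index is a size_t so it cannot wrap before reaching
         * sessionIDLength.
         */
        size_t idLen = (sessionID != NULL) ? sessionIDLength : 0;

        for (size_t dex = 0; dex < idLen; dex++) {
            printf("%02X ", sessionID[dex]);
            /* Break the dump every 8 bytes, but not after the final byte. */
            if (((dex % 8) == 7) && (dex != (idLen - 1))) {
                printf("\n ");
            }
        }
        printf("\n");
    } else {
        printf("NOT RESUMED\n");
    }

    /*
     * CFIndex is a signed type; the previous "%lu" conversion mismatched
     * it. Cast to long and print with %ld so the conversion is well-defined.
     */
    printf(" Number of peer certs : %ld\n", (long)numPeerCerts);

    if (numPeerCerts != 0) {
        if (displayPeerCerts) {
            showPeerCerts(peerCerts, false);
        }
        if (fileBase != NULL) {
            writePeerCerts(peerCerts, fileBase);
        }
    }
    printf("\n");
}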
/*
 * Report a failed SSL operation on stdout.
 *
 * op   - name of the operation that failed
 * err  - status it returned; rendered via sslGetSSLErrString()
 */
void printSslErrStr(
    const char  *op,
    OSStatus    err)
{
    fprintf(stdout, "*** %s: %s\n", op, sslGetSSLErrString(err));
}