commit e7f8ff43826494896548d054ee8dbb96367f00af
author Dr. Stephen Henson <steve@openssl.org> Tue Mar 06 14:28:21 2012 +0000
committer Dr. Stephen Henson <steve@openssl.org> Tue Mar 06 14:28:21 2012 +0000
tree f2737a5b558ec42d404ae2d5a2676de7593bd965
parent 62b6948a2710c2a095b87b0b9c4b89f7b23246a9

New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

apps/s_apps.h

diff --git a/apps/s_apps.h b/apps/s_apps.h
index 820e5c5..39a11d9 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -155,6 +155,8 @@
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_curves(BIO *out, SSL *s);
 #endif
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);

apps/s_cb.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 38eae7f..7eaffa8 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -278,6 +278,77 @@
 	return 1;
 	}
 
+int ssl_print_sigalgs(BIO *out, SSL *s)
+	{
+	int i, nsig;
+	nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+	if (nsig == 0)
+		return 1;
+
+	BIO_puts(out, "Signature Algorithms: ");
+	for (i = 0; i < nsig; i++)
+		{
+		int hash_nid, sign_nid;
+		unsigned char rhash, rsign;
+		const char *sstr = NULL;
+		SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+							&rsign, &rhash);
+		if (i)
+			BIO_puts(out, ":");
+		if (sign_nid == EVP_PKEY_RSA)
+			sstr = "RSA";
+		else if(sign_nid == EVP_PKEY_DSA)
+			sstr = "DSA";
+		else if(sign_nid == EVP_PKEY_EC)
+			sstr = "ECDSA";
+		if (sstr)
+			BIO_printf(out,"%s+", sstr);
+		else
+			BIO_printf(out,"0x%02X+", (int)rsign);
+		if (hash_nid != NID_undef)
+			BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
+		else
+			BIO_printf(out,"0x%02X", (int)rhash);
+		}
+	BIO_puts(out, "\n");
+	return 1;
+	}
+
+int ssl_print_curves(BIO *out, SSL *s)
+	{
+	int i, ncurves, *curves;
+	ncurves = SSL_get1_curvelist(s, NULL);
+	if (ncurves <= 0)
+		return 1;
+	curves = OPENSSL_malloc(ncurves * sizeof(int));
+	SSL_get1_curvelist(s, curves);
+
+	BIO_puts(out, "Supported Elliptic Curves: ");
+	for (i = 0; i < ncurves; i++)
+		{
+		int nid;
+		const char *cname;
+		if (i)
+			BIO_puts(out, ":");
+		nid = curves[i];
+		/* If unrecognised print out hex version */
+		if (nid & TLSEXT_nid_unknown)
+			BIO_printf(out, "0x%04X", nid & 0xFFFF);
+		else
+			{
+			/* Use NIST name for curve if it exists */
+			cname = EC_curve_nid2nist(nid);
+			if (!cname)
+				cname = OBJ_nid2sn(nid);
+			BIO_printf(out, "%s", cname);
+			}
+		}
+	BIO_puts(out, "\n");
+	OPENSSL_free(curves);
+	return 1;
+	}
+
+
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret)
 	{

apps/s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index 7f38971..ce199be 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2018,6 +2018,8 @@
 			BIO_write(bio,"\n",1);
 			}
 
+		ssl_print_sigalgs(bio, s);
+
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 			BIO_number_read(SSL_get_rbio(s)),
 			BIO_number_written(SSL_get_wbio(s)));

apps/s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 1f4b85b..4603cda 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2472,7 +2472,10 @@
 	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
 		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+	ssl_print_sigalgs(bio_s_out, con);
+	ssl_print_curves(bio_s_out, con);
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 	SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
 	if (next_proto_neg)
@@ -2806,6 +2809,8 @@
 					}
 				BIO_puts(io,"\n");
 				}
+			ssl_print_sigalgs(io, con);
+			ssl_print_curves(io, con);
 			BIO_printf(io,(SSL_cache_hit(con)
 				?"---\nReused, "
 				:"---\nNew, "));