ssl_stat.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388
  1. /*
  2. * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <stdio.h>
  11. #include "ssl_local.h"
  12. const char *SSL_state_string_long(const SSL *s)
  13. {
  14. if (ossl_statem_in_error(s))
  15. return "error";
  16. switch (SSL_get_state(s)) {
  17. case TLS_ST_CR_CERT_STATUS:
  18. return "SSLv3/TLS read certificate status";
  19. case TLS_ST_CW_NEXT_PROTO:
  20. return "SSLv3/TLS write next proto";
  21. case TLS_ST_SR_NEXT_PROTO:
  22. return "SSLv3/TLS read next proto";
  23. case TLS_ST_SW_CERT_STATUS:
  24. return "SSLv3/TLS write certificate status";
  25. case TLS_ST_BEFORE:
  26. return "before SSL initialization";
  27. case TLS_ST_OK:
  28. return "SSL negotiation finished successfully";
  29. case TLS_ST_CW_CLNT_HELLO:
  30. return "SSLv3/TLS write client hello";
  31. case TLS_ST_CR_SRVR_HELLO:
  32. return "SSLv3/TLS read server hello";
  33. case TLS_ST_CR_CERT:
  34. return "SSLv3/TLS read server certificate";
  35. case TLS_ST_CR_KEY_EXCH:
  36. return "SSLv3/TLS read server key exchange";
  37. case TLS_ST_CR_CERT_REQ:
  38. return "SSLv3/TLS read server certificate request";
  39. case TLS_ST_CR_SESSION_TICKET:
  40. return "SSLv3/TLS read server session ticket";
  41. case TLS_ST_CR_SRVR_DONE:
  42. return "SSLv3/TLS read server done";
  43. case TLS_ST_CW_CERT:
  44. return "SSLv3/TLS write client certificate";
  45. case TLS_ST_CW_KEY_EXCH:
  46. return "SSLv3/TLS write client key exchange";
  47. case TLS_ST_CW_CERT_VRFY:
  48. return "SSLv3/TLS write certificate verify";
  49. case TLS_ST_CW_CHANGE:
  50. case TLS_ST_SW_CHANGE:
  51. return "SSLv3/TLS write change cipher spec";
  52. case TLS_ST_CW_FINISHED:
  53. case TLS_ST_SW_FINISHED:
  54. return "SSLv3/TLS write finished";
  55. case TLS_ST_CR_CHANGE:
  56. case TLS_ST_SR_CHANGE:
  57. return "SSLv3/TLS read change cipher spec";
  58. case TLS_ST_CR_FINISHED:
  59. case TLS_ST_SR_FINISHED:
  60. return "SSLv3/TLS read finished";
  61. case TLS_ST_SR_CLNT_HELLO:
  62. return "SSLv3/TLS read client hello";
  63. case TLS_ST_SW_HELLO_REQ:
  64. return "SSLv3/TLS write hello request";
  65. case TLS_ST_SW_SRVR_HELLO:
  66. return "SSLv3/TLS write server hello";
  67. case TLS_ST_SW_CERT:
  68. return "SSLv3/TLS write certificate";
  69. case TLS_ST_SW_KEY_EXCH:
  70. return "SSLv3/TLS write key exchange";
  71. case TLS_ST_SW_CERT_REQ:
  72. return "SSLv3/TLS write certificate request";
  73. case TLS_ST_SW_SESSION_TICKET:
  74. return "SSLv3/TLS write session ticket";
  75. case TLS_ST_SW_SRVR_DONE:
  76. return "SSLv3/TLS write server done";
  77. case TLS_ST_SR_CERT:
  78. return "SSLv3/TLS read client certificate";
  79. case TLS_ST_SR_KEY_EXCH:
  80. return "SSLv3/TLS read client key exchange";
  81. case TLS_ST_SR_CERT_VRFY:
  82. return "SSLv3/TLS read certificate verify";
  83. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  84. return "DTLS1 read hello verify request";
  85. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  86. return "DTLS1 write hello verify request";
  87. case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
  88. return "TLSv1.3 write encrypted extensions";
  89. case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
  90. return "TLSv1.3 read encrypted extensions";
  91. case TLS_ST_CR_CERT_VRFY:
  92. return "TLSv1.3 read server certificate verify";
  93. case TLS_ST_SW_CERT_VRFY:
  94. return "TLSv1.3 write server certificate verify";
  95. case TLS_ST_CR_HELLO_REQ:
  96. return "SSLv3/TLS read hello request";
  97. case TLS_ST_SW_KEY_UPDATE:
  98. return "TLSv1.3 write server key update";
  99. case TLS_ST_CW_KEY_UPDATE:
  100. return "TLSv1.3 write client key update";
  101. case TLS_ST_SR_KEY_UPDATE:
  102. return "TLSv1.3 read client key update";
  103. case TLS_ST_CR_KEY_UPDATE:
  104. return "TLSv1.3 read server key update";
  105. case TLS_ST_EARLY_DATA:
  106. return "TLSv1.3 early data";
  107. case TLS_ST_PENDING_EARLY_DATA_END:
  108. return "TLSv1.3 pending early data end";
  109. case TLS_ST_CW_END_OF_EARLY_DATA:
  110. return "TLSv1.3 write end of early data";
  111. case TLS_ST_SR_END_OF_EARLY_DATA:
  112. return "TLSv1.3 read end of early data";
  113. default:
  114. return "unknown state";
  115. }
  116. }
  117. const char *SSL_state_string(const SSL *s)
  118. {
  119. if (ossl_statem_in_error(s))
  120. return "SSLERR";
  121. switch (SSL_get_state(s)) {
  122. case TLS_ST_SR_NEXT_PROTO:
  123. return "TRNP";
  124. case TLS_ST_SW_SESSION_TICKET:
  125. return "TWST";
  126. case TLS_ST_SW_CERT_STATUS:
  127. return "TWCS";
  128. case TLS_ST_CR_CERT_STATUS:
  129. return "TRCS";
  130. case TLS_ST_CR_SESSION_TICKET:
  131. return "TRST";
  132. case TLS_ST_CW_NEXT_PROTO:
  133. return "TWNP";
  134. case TLS_ST_BEFORE:
  135. return "PINIT ";
  136. case TLS_ST_OK:
  137. return "SSLOK ";
  138. case TLS_ST_CW_CLNT_HELLO:
  139. return "TWCH";
  140. case TLS_ST_CR_SRVR_HELLO:
  141. return "TRSH";
  142. case TLS_ST_CR_CERT:
  143. return "TRSC";
  144. case TLS_ST_CR_KEY_EXCH:
  145. return "TRSKE";
  146. case TLS_ST_CR_CERT_REQ:
  147. return "TRCR";
  148. case TLS_ST_CR_SRVR_DONE:
  149. return "TRSD";
  150. case TLS_ST_CW_CERT:
  151. return "TWCC";
  152. case TLS_ST_CW_KEY_EXCH:
  153. return "TWCKE";
  154. case TLS_ST_CW_CERT_VRFY:
  155. return "TWCV";
  156. case TLS_ST_SW_CHANGE:
  157. case TLS_ST_CW_CHANGE:
  158. return "TWCCS";
  159. case TLS_ST_SW_FINISHED:
  160. case TLS_ST_CW_FINISHED:
  161. return "TWFIN";
  162. case TLS_ST_SR_CHANGE:
  163. case TLS_ST_CR_CHANGE:
  164. return "TRCCS";
  165. case TLS_ST_SR_FINISHED:
  166. case TLS_ST_CR_FINISHED:
  167. return "TRFIN";
  168. case TLS_ST_SW_HELLO_REQ:
  169. return "TWHR";
  170. case TLS_ST_SR_CLNT_HELLO:
  171. return "TRCH";
  172. case TLS_ST_SW_SRVR_HELLO:
  173. return "TWSH";
  174. case TLS_ST_SW_CERT:
  175. return "TWSC";
  176. case TLS_ST_SW_KEY_EXCH:
  177. return "TWSKE";
  178. case TLS_ST_SW_CERT_REQ:
  179. return "TWCR";
  180. case TLS_ST_SW_SRVR_DONE:
  181. return "TWSD";
  182. case TLS_ST_SR_CERT:
  183. return "TRCC";
  184. case TLS_ST_SR_KEY_EXCH:
  185. return "TRCKE";
  186. case TLS_ST_SR_CERT_VRFY:
  187. return "TRCV";
  188. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  189. return "DRCHV";
  190. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  191. return "DWCHV";
  192. case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
  193. return "TWEE";
  194. case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
  195. return "TREE";
  196. case TLS_ST_CR_CERT_VRFY:
  197. return "TRSCV";
  198. case TLS_ST_SW_CERT_VRFY:
  199. return "TRSCV";
  200. case TLS_ST_CR_HELLO_REQ:
  201. return "TRHR";
  202. case TLS_ST_SW_KEY_UPDATE:
  203. return "TWSKU";
  204. case TLS_ST_CW_KEY_UPDATE:
  205. return "TWCKU";
  206. case TLS_ST_SR_KEY_UPDATE:
  207. return "TRCKU";
  208. case TLS_ST_CR_KEY_UPDATE:
  209. return "TRSKU";
  210. case TLS_ST_EARLY_DATA:
  211. return "TED";
  212. case TLS_ST_PENDING_EARLY_DATA_END:
  213. return "TPEDE";
  214. case TLS_ST_CW_END_OF_EARLY_DATA:
  215. return "TWEOED";
  216. case TLS_ST_SR_END_OF_EARLY_DATA:
  217. return "TWEOED";
  218. default:
  219. return "UNKWN ";
  220. }
  221. }
  222. const char *SSL_alert_type_string_long(int value)
  223. {
  224. switch (value >> 8) {
  225. case SSL3_AL_WARNING:
  226. return "warning";
  227. case SSL3_AL_FATAL:
  228. return "fatal";
  229. default:
  230. return "unknown";
  231. }
  232. }
  233. const char *SSL_alert_type_string(int value)
  234. {
  235. switch (value >> 8) {
  236. case SSL3_AL_WARNING:
  237. return "W";
  238. case SSL3_AL_FATAL:
  239. return "F";
  240. default:
  241. return "U";
  242. }
  243. }
  244. const char *SSL_alert_desc_string(int value)
  245. {
  246. switch (value & 0xff) {
  247. case SSL3_AD_CLOSE_NOTIFY:
  248. return "CN";
  249. case SSL3_AD_UNEXPECTED_MESSAGE:
  250. return "UM";
  251. case SSL3_AD_BAD_RECORD_MAC:
  252. return "BM";
  253. case SSL3_AD_DECOMPRESSION_FAILURE:
  254. return "DF";
  255. case SSL3_AD_HANDSHAKE_FAILURE:
  256. return "HF";
  257. case SSL3_AD_NO_CERTIFICATE:
  258. return "NC";
  259. case SSL3_AD_BAD_CERTIFICATE:
  260. return "BC";
  261. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  262. return "UC";
  263. case SSL3_AD_CERTIFICATE_REVOKED:
  264. return "CR";
  265. case SSL3_AD_CERTIFICATE_EXPIRED:
  266. return "CE";
  267. case SSL3_AD_CERTIFICATE_UNKNOWN:
  268. return "CU";
  269. case SSL3_AD_ILLEGAL_PARAMETER:
  270. return "IP";
  271. case TLS1_AD_DECRYPTION_FAILED:
  272. return "DC";
  273. case TLS1_AD_RECORD_OVERFLOW:
  274. return "RO";
  275. case TLS1_AD_UNKNOWN_CA:
  276. return "CA";
  277. case TLS1_AD_ACCESS_DENIED:
  278. return "AD";
  279. case TLS1_AD_DECODE_ERROR:
  280. return "DE";
  281. case TLS1_AD_DECRYPT_ERROR:
  282. return "CY";
  283. case TLS1_AD_EXPORT_RESTRICTION:
  284. return "ER";
  285. case TLS1_AD_PROTOCOL_VERSION:
  286. return "PV";
  287. case TLS1_AD_INSUFFICIENT_SECURITY:
  288. return "IS";
  289. case TLS1_AD_INTERNAL_ERROR:
  290. return "IE";
  291. case TLS1_AD_USER_CANCELLED:
  292. return "US";
  293. case TLS1_AD_NO_RENEGOTIATION:
  294. return "NR";
  295. case TLS1_AD_UNSUPPORTED_EXTENSION:
  296. return "UE";
  297. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  298. return "CO";
  299. case TLS1_AD_UNRECOGNIZED_NAME:
  300. return "UN";
  301. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  302. return "BR";
  303. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  304. return "BH";
  305. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  306. return "UP";
  307. default:
  308. return "UK";
  309. }
  310. }
  311. const char *SSL_alert_desc_string_long(int value)
  312. {
  313. switch (value & 0xff) {
  314. case SSL3_AD_CLOSE_NOTIFY:
  315. return "close notify";
  316. case SSL3_AD_UNEXPECTED_MESSAGE:
  317. return "unexpected_message";
  318. case SSL3_AD_BAD_RECORD_MAC:
  319. return "bad record mac";
  320. case SSL3_AD_DECOMPRESSION_FAILURE:
  321. return "decompression failure";
  322. case SSL3_AD_HANDSHAKE_FAILURE:
  323. return "handshake failure";
  324. case SSL3_AD_NO_CERTIFICATE:
  325. return "no certificate";
  326. case SSL3_AD_BAD_CERTIFICATE:
  327. return "bad certificate";
  328. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  329. return "unsupported certificate";
  330. case SSL3_AD_CERTIFICATE_REVOKED:
  331. return "certificate revoked";
  332. case SSL3_AD_CERTIFICATE_EXPIRED:
  333. return "certificate expired";
  334. case SSL3_AD_CERTIFICATE_UNKNOWN:
  335. return "certificate unknown";
  336. case SSL3_AD_ILLEGAL_PARAMETER:
  337. return "illegal parameter";
  338. case TLS1_AD_DECRYPTION_FAILED:
  339. return "decryption failed";
  340. case TLS1_AD_RECORD_OVERFLOW:
  341. return "record overflow";
  342. case TLS1_AD_UNKNOWN_CA:
  343. return "unknown CA";
  344. case TLS1_AD_ACCESS_DENIED:
  345. return "access denied";
  346. case TLS1_AD_DECODE_ERROR:
  347. return "decode error";
  348. case TLS1_AD_DECRYPT_ERROR:
  349. return "decrypt error";
  350. case TLS1_AD_EXPORT_RESTRICTION:
  351. return "export restriction";
  352. case TLS1_AD_PROTOCOL_VERSION:
  353. return "protocol version";
  354. case TLS1_AD_INSUFFICIENT_SECURITY:
  355. return "insufficient security";
  356. case TLS1_AD_INTERNAL_ERROR:
  357. return "internal error";
  358. case TLS1_AD_USER_CANCELLED:
  359. return "user canceled";
  360. case TLS1_AD_NO_RENEGOTIATION:
  361. return "no renegotiation";
  362. case TLS1_AD_UNSUPPORTED_EXTENSION:
  363. return "unsupported extension";
  364. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  365. return "certificate unobtainable";
  366. case TLS1_AD_UNRECOGNIZED_NAME:
  367. return "unrecognized name";
  368. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  369. return "bad certificate status response";
  370. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  371. return "bad certificate hash value";
  372. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  373. return "unknown PSK identity";
  374. case TLS1_AD_NO_APPLICATION_PROTOCOL:
  375. return "no application protocol";
  376. default:
  377. return "unknown";
  378. }
  379. }