ssl_stat.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408
  1. /*
  2. * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <stdio.h>
  11. #include "ssl_local.h"
  12. const char *SSL_state_string_long(const SSL *s)
  13. {
  14. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  15. if (sc == NULL || ossl_statem_in_error(sc))
  16. return "error";
  17. switch (SSL_get_state(s)) {
  18. case TLS_ST_CR_CERT_STATUS:
  19. return "SSLv3/TLS read certificate status";
  20. case TLS_ST_CW_NEXT_PROTO:
  21. return "SSLv3/TLS write next proto";
  22. case TLS_ST_SR_NEXT_PROTO:
  23. return "SSLv3/TLS read next proto";
  24. case TLS_ST_SW_CERT_STATUS:
  25. return "SSLv3/TLS write certificate status";
  26. case TLS_ST_BEFORE:
  27. return "before SSL initialization";
  28. case TLS_ST_OK:
  29. return "SSL negotiation finished successfully";
  30. case TLS_ST_CW_CLNT_HELLO:
  31. return "SSLv3/TLS write client hello";
  32. case TLS_ST_CR_SRVR_HELLO:
  33. return "SSLv3/TLS read server hello";
  34. case TLS_ST_CR_CERT:
  35. return "SSLv3/TLS read server certificate";
  36. case TLS_ST_CR_COMP_CERT:
  37. return "TLSv1.3 read server compressed certificate";
  38. case TLS_ST_CR_KEY_EXCH:
  39. return "SSLv3/TLS read server key exchange";
  40. case TLS_ST_CR_CERT_REQ:
  41. return "SSLv3/TLS read server certificate request";
  42. case TLS_ST_CR_SESSION_TICKET:
  43. return "SSLv3/TLS read server session ticket";
  44. case TLS_ST_CR_SRVR_DONE:
  45. return "SSLv3/TLS read server done";
  46. case TLS_ST_CW_CERT:
  47. return "SSLv3/TLS write client certificate";
  48. case TLS_ST_CW_COMP_CERT:
  49. return "TLSv1.3 write client compressed certificate";
  50. case TLS_ST_CW_KEY_EXCH:
  51. return "SSLv3/TLS write client key exchange";
  52. case TLS_ST_CW_CERT_VRFY:
  53. return "SSLv3/TLS write certificate verify";
  54. case TLS_ST_CW_CHANGE:
  55. case TLS_ST_SW_CHANGE:
  56. return "SSLv3/TLS write change cipher spec";
  57. case TLS_ST_CW_FINISHED:
  58. case TLS_ST_SW_FINISHED:
  59. return "SSLv3/TLS write finished";
  60. case TLS_ST_CR_CHANGE:
  61. case TLS_ST_SR_CHANGE:
  62. return "SSLv3/TLS read change cipher spec";
  63. case TLS_ST_CR_FINISHED:
  64. case TLS_ST_SR_FINISHED:
  65. return "SSLv3/TLS read finished";
  66. case TLS_ST_SR_CLNT_HELLO:
  67. return "SSLv3/TLS read client hello";
  68. case TLS_ST_SW_HELLO_REQ:
  69. return "SSLv3/TLS write hello request";
  70. case TLS_ST_SW_SRVR_HELLO:
  71. return "SSLv3/TLS write server hello";
  72. case TLS_ST_SW_CERT:
  73. return "SSLv3/TLS write certificate";
  74. case TLS_ST_SW_COMP_CERT:
  75. return "TLSv1.3 write server compressed certificate";
  76. case TLS_ST_SW_KEY_EXCH:
  77. return "SSLv3/TLS write key exchange";
  78. case TLS_ST_SW_CERT_REQ:
  79. return "SSLv3/TLS write certificate request";
  80. case TLS_ST_SW_SESSION_TICKET:
  81. return "SSLv3/TLS write session ticket";
  82. case TLS_ST_SW_SRVR_DONE:
  83. return "SSLv3/TLS write server done";
  84. case TLS_ST_SR_CERT:
  85. return "SSLv3/TLS read client certificate";
  86. case TLS_ST_SR_COMP_CERT:
  87. return "TLSv1.3 read client compressed certificate";
  88. case TLS_ST_SR_KEY_EXCH:
  89. return "SSLv3/TLS read client key exchange";
  90. case TLS_ST_SR_CERT_VRFY:
  91. return "SSLv3/TLS read certificate verify";
  92. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  93. return "DTLS1 read hello verify request";
  94. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  95. return "DTLS1 write hello verify request";
  96. case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
  97. return "TLSv1.3 write encrypted extensions";
  98. case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
  99. return "TLSv1.3 read encrypted extensions";
  100. case TLS_ST_CR_CERT_VRFY:
  101. return "TLSv1.3 read server certificate verify";
  102. case TLS_ST_SW_CERT_VRFY:
  103. return "TLSv1.3 write server certificate verify";
  104. case TLS_ST_CR_HELLO_REQ:
  105. return "SSLv3/TLS read hello request";
  106. case TLS_ST_SW_KEY_UPDATE:
  107. return "TLSv1.3 write server key update";
  108. case TLS_ST_CW_KEY_UPDATE:
  109. return "TLSv1.3 write client key update";
  110. case TLS_ST_SR_KEY_UPDATE:
  111. return "TLSv1.3 read client key update";
  112. case TLS_ST_CR_KEY_UPDATE:
  113. return "TLSv1.3 read server key update";
  114. case TLS_ST_EARLY_DATA:
  115. return "TLSv1.3 early data";
  116. case TLS_ST_PENDING_EARLY_DATA_END:
  117. return "TLSv1.3 pending early data end";
  118. case TLS_ST_CW_END_OF_EARLY_DATA:
  119. return "TLSv1.3 write end of early data";
  120. case TLS_ST_SR_END_OF_EARLY_DATA:
  121. return "TLSv1.3 read end of early data";
  122. default:
  123. return "unknown state";
  124. }
  125. }
  126. const char *SSL_state_string(const SSL *s)
  127. {
  128. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  129. if (sc == NULL || ossl_statem_in_error(sc))
  130. return "SSLERR";
  131. switch (SSL_get_state(s)) {
  132. case TLS_ST_SR_NEXT_PROTO:
  133. return "TRNP";
  134. case TLS_ST_SW_SESSION_TICKET:
  135. return "TWST";
  136. case TLS_ST_SW_CERT_STATUS:
  137. return "TWCS";
  138. case TLS_ST_CR_CERT_STATUS:
  139. return "TRCS";
  140. case TLS_ST_CR_SESSION_TICKET:
  141. return "TRST";
  142. case TLS_ST_CW_NEXT_PROTO:
  143. return "TWNP";
  144. case TLS_ST_BEFORE:
  145. return "PINIT";
  146. case TLS_ST_OK:
  147. return "SSLOK";
  148. case TLS_ST_CW_CLNT_HELLO:
  149. return "TWCH";
  150. case TLS_ST_CR_SRVR_HELLO:
  151. return "TRSH";
  152. case TLS_ST_CR_CERT:
  153. return "TRSC";
  154. case TLS_ST_CR_COMP_CERT:
  155. return "TRSCC";
  156. case TLS_ST_CR_KEY_EXCH:
  157. return "TRSKE";
  158. case TLS_ST_CR_CERT_REQ:
  159. return "TRCR";
  160. case TLS_ST_CR_SRVR_DONE:
  161. return "TRSD";
  162. case TLS_ST_CW_CERT:
  163. return "TWCC";
  164. case TLS_ST_CW_COMP_CERT:
  165. return "TWCCC";
  166. case TLS_ST_CW_KEY_EXCH:
  167. return "TWCKE";
  168. case TLS_ST_CW_CERT_VRFY:
  169. return "TWCV";
  170. case TLS_ST_SW_CHANGE:
  171. case TLS_ST_CW_CHANGE:
  172. return "TWCCS";
  173. case TLS_ST_SW_FINISHED:
  174. case TLS_ST_CW_FINISHED:
  175. return "TWFIN";
  176. case TLS_ST_SR_CHANGE:
  177. case TLS_ST_CR_CHANGE:
  178. return "TRCCS";
  179. case TLS_ST_SR_FINISHED:
  180. case TLS_ST_CR_FINISHED:
  181. return "TRFIN";
  182. case TLS_ST_SW_HELLO_REQ:
  183. return "TWHR";
  184. case TLS_ST_SR_CLNT_HELLO:
  185. return "TRCH";
  186. case TLS_ST_SW_SRVR_HELLO:
  187. return "TWSH";
  188. case TLS_ST_SW_CERT:
  189. return "TWSC";
  190. case TLS_ST_SW_COMP_CERT:
  191. return "TWSCC";
  192. case TLS_ST_SW_KEY_EXCH:
  193. return "TWSKE";
  194. case TLS_ST_SW_CERT_REQ:
  195. return "TWCR";
  196. case TLS_ST_SW_SRVR_DONE:
  197. return "TWSD";
  198. case TLS_ST_SR_CERT:
  199. return "TRCC";
  200. case TLS_ST_SR_COMP_CERT:
  201. return "TRCCC";
  202. case TLS_ST_SR_KEY_EXCH:
  203. return "TRCKE";
  204. case TLS_ST_SR_CERT_VRFY:
  205. return "TRCV";
  206. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  207. return "DRCHV";
  208. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  209. return "DWCHV";
  210. case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
  211. return "TWEE";
  212. case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
  213. return "TREE";
  214. case TLS_ST_CR_CERT_VRFY:
  215. return "TRSCV";
  216. case TLS_ST_SW_CERT_VRFY:
  217. return "TWSCV";
  218. case TLS_ST_CR_HELLO_REQ:
  219. return "TRHR";
  220. case TLS_ST_SW_KEY_UPDATE:
  221. return "TWSKU";
  222. case TLS_ST_CW_KEY_UPDATE:
  223. return "TWCKU";
  224. case TLS_ST_SR_KEY_UPDATE:
  225. return "TRCKU";
  226. case TLS_ST_CR_KEY_UPDATE:
  227. return "TRSKU";
  228. case TLS_ST_EARLY_DATA:
  229. return "TED";
  230. case TLS_ST_PENDING_EARLY_DATA_END:
  231. return "TPEDE";
  232. case TLS_ST_CW_END_OF_EARLY_DATA:
  233. return "TWEOED";
  234. case TLS_ST_SR_END_OF_EARLY_DATA:
  235. return "TWEOED";
  236. default:
  237. return "UNKWN";
  238. }
  239. }
  240. const char *SSL_alert_type_string_long(int value)
  241. {
  242. switch (value >> 8) {
  243. case SSL3_AL_WARNING:
  244. return "warning";
  245. case SSL3_AL_FATAL:
  246. return "fatal";
  247. default:
  248. return "unknown";
  249. }
  250. }
  251. const char *SSL_alert_type_string(int value)
  252. {
  253. switch (value >> 8) {
  254. case SSL3_AL_WARNING:
  255. return "W";
  256. case SSL3_AL_FATAL:
  257. return "F";
  258. default:
  259. return "U";
  260. }
  261. }
  262. const char *SSL_alert_desc_string(int value)
  263. {
  264. switch (value & 0xff) {
  265. case SSL3_AD_CLOSE_NOTIFY:
  266. return "CN";
  267. case SSL3_AD_UNEXPECTED_MESSAGE:
  268. return "UM";
  269. case SSL3_AD_BAD_RECORD_MAC:
  270. return "BM";
  271. case SSL3_AD_DECOMPRESSION_FAILURE:
  272. return "DF";
  273. case SSL3_AD_HANDSHAKE_FAILURE:
  274. return "HF";
  275. case SSL3_AD_NO_CERTIFICATE:
  276. return "NC";
  277. case SSL3_AD_BAD_CERTIFICATE:
  278. return "BC";
  279. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  280. return "UC";
  281. case SSL3_AD_CERTIFICATE_REVOKED:
  282. return "CR";
  283. case SSL3_AD_CERTIFICATE_EXPIRED:
  284. return "CE";
  285. case SSL3_AD_CERTIFICATE_UNKNOWN:
  286. return "CU";
  287. case SSL3_AD_ILLEGAL_PARAMETER:
  288. return "IP";
  289. case TLS1_AD_DECRYPTION_FAILED:
  290. return "DC";
  291. case TLS1_AD_RECORD_OVERFLOW:
  292. return "RO";
  293. case TLS1_AD_UNKNOWN_CA:
  294. return "CA";
  295. case TLS1_AD_ACCESS_DENIED:
  296. return "AD";
  297. case TLS1_AD_DECODE_ERROR:
  298. return "DE";
  299. case TLS1_AD_DECRYPT_ERROR:
  300. return "CY";
  301. case TLS1_AD_EXPORT_RESTRICTION:
  302. return "ER";
  303. case TLS1_AD_PROTOCOL_VERSION:
  304. return "PV";
  305. case TLS1_AD_INSUFFICIENT_SECURITY:
  306. return "IS";
  307. case TLS1_AD_INTERNAL_ERROR:
  308. return "IE";
  309. case TLS1_AD_USER_CANCELLED:
  310. return "US";
  311. case TLS1_AD_NO_RENEGOTIATION:
  312. return "NR";
  313. case TLS1_AD_UNSUPPORTED_EXTENSION:
  314. return "UE";
  315. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  316. return "CO";
  317. case TLS1_AD_UNRECOGNIZED_NAME:
  318. return "UN";
  319. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  320. return "BR";
  321. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  322. return "BH";
  323. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  324. return "UP";
  325. default:
  326. return "UK";
  327. }
  328. }
  329. const char *SSL_alert_desc_string_long(int value)
  330. {
  331. switch (value & 0xff) {
  332. case SSL3_AD_CLOSE_NOTIFY:
  333. return "close notify";
  334. case SSL3_AD_UNEXPECTED_MESSAGE:
  335. return "unexpected_message";
  336. case SSL3_AD_BAD_RECORD_MAC:
  337. return "bad record mac";
  338. case SSL3_AD_DECOMPRESSION_FAILURE:
  339. return "decompression failure";
  340. case SSL3_AD_HANDSHAKE_FAILURE:
  341. return "handshake failure";
  342. case SSL3_AD_NO_CERTIFICATE:
  343. return "no certificate";
  344. case SSL3_AD_BAD_CERTIFICATE:
  345. return "bad certificate";
  346. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  347. return "unsupported certificate";
  348. case SSL3_AD_CERTIFICATE_REVOKED:
  349. return "certificate revoked";
  350. case SSL3_AD_CERTIFICATE_EXPIRED:
  351. return "certificate expired";
  352. case SSL3_AD_CERTIFICATE_UNKNOWN:
  353. return "certificate unknown";
  354. case SSL3_AD_ILLEGAL_PARAMETER:
  355. return "illegal parameter";
  356. case TLS1_AD_DECRYPTION_FAILED:
  357. return "decryption failed";
  358. case TLS1_AD_RECORD_OVERFLOW:
  359. return "record overflow";
  360. case TLS1_AD_UNKNOWN_CA:
  361. return "unknown CA";
  362. case TLS1_AD_ACCESS_DENIED:
  363. return "access denied";
  364. case TLS1_AD_DECODE_ERROR:
  365. return "decode error";
  366. case TLS1_AD_DECRYPT_ERROR:
  367. return "decrypt error";
  368. case TLS1_AD_EXPORT_RESTRICTION:
  369. return "export restriction";
  370. case TLS1_AD_PROTOCOL_VERSION:
  371. return "protocol version";
  372. case TLS1_AD_INSUFFICIENT_SECURITY:
  373. return "insufficient security";
  374. case TLS1_AD_INTERNAL_ERROR:
  375. return "internal error";
  376. case TLS1_AD_USER_CANCELLED:
  377. return "user canceled";
  378. case TLS1_AD_NO_RENEGOTIATION:
  379. return "no renegotiation";
  380. case TLS1_AD_UNSUPPORTED_EXTENSION:
  381. return "unsupported extension";
  382. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  383. return "certificate unobtainable";
  384. case TLS1_AD_UNRECOGNIZED_NAME:
  385. return "unrecognized name";
  386. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  387. return "bad certificate status response";
  388. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  389. return "bad certificate hash value";
  390. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  391. return "unknown PSK identity";
  392. case TLS1_AD_NO_APPLICATION_PROTOCOL:
  393. return "no application protocol";
  394. default:
  395. return "unknown";
  396. }
  397. }