1
0

axssl.pl 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634
  1. #!/usr/bin/perl -w
  2. #
  3. # Copyright (c) 2007, Cameron Rich
  4. #
  5. # All rights reserved.
  6. #
  7. # Redistribution and use in source and binary forms, with or without
  8. # modification, are permitted provided that the following conditions are met:
  9. #
  10. # * Redistributions of source code must retain the above copyright notice,
  11. # this list of conditions and the following disclaimer.
  12. # * Redistributions in binary form must reproduce the above copyright
  13. # notice, this list of conditions and the following disclaimer in the
  14. # documentation and/or other materials provided with the distribution.
  15. # * Neither the name of the axTLS project nor the names of its
  16. # contributors may be used to endorse or promote products derived
  17. # from this software without specific prior written permission.
  18. #
  19. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  20. # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  21. # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  22. # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  23. # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  24. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  25. # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  26. # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  27. # OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  28. # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  29. # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30. #
  31. #
  32. # Demonstrate the use of the axTLS library in Perl with a set of
  33. # command-line parameters similar to openssl. In fact, openssl clients
  34. # should be able to communicate with axTLS servers and visa-versa.
  35. #
  36. # This code has various bits enabled depending on the configuration. To enable
  37. # the most interesting version, compile with the 'full mode' enabled.
  38. #
  39. # To see what options you have, run the following:
  40. # > [perl] axssl s_server -?
  41. # > [perl] axssl s_client -?
  42. #
  43. # The axtls/axtlsp shared libraries must be in the same directory or be found
  44. # by the OS. axtlsp.pm must be in this directory or be in @INC.
  45. #
  46. # Under Win32, ActivePerl was used (see
  47. # http://www.activestate.com/Products/ActivePerl/?mp=1)
  48. #
  49. use axtlsp;
  50. use IO::Socket;
  51. # To get access to Win32 file descriptor stuff
  52. my $is_win32 = 0;
  53. if ($^O eq "MSWin32")
  54. {
  55. eval("use Win32API::File 0.08 qw( :ALL )");
  56. $is_win32 = 1;
  57. }
  58. use strict;
  59. #
  60. # Win32 has some problems with socket handles
  61. #
  62. sub get_native_sock
  63. {
  64. my ($sock) = @_;
  65. return $is_win32 ? FdGetOsFHandle($sock) : $sock;
  66. }
  67. # print version?
  68. if ($#ARGV == 0 && $ARGV[0] eq "version")
  69. {
  70. printf("axssl.pl ".axtlsp::ssl_version()."\n");
  71. exit 0;
  72. }
  73. #
  74. # Main entry point. Doesn't do much except works out whether we are a client
  75. # or a server.
  76. #
  77. print_options($#ARGV > -1 ? $ARGV[0] : "")
  78. if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
  79. # Cygwin/Win32 issue - flush our output continuously
  80. select STDOUT;
  81. local $|=1;
  82. my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
  83. $ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
  84. #
  85. # Implement the SSL server logic.
  86. #
  87. sub do_server
  88. {
  89. my ($build_mode) = @_;
  90. my $i = 1;
  91. my $port = 4433;
  92. my $options = $axtlsp::SSL_DISPLAY_CERTS;
  93. my $quiet = 0;
  94. my $password = undef;
  95. my $private_key_file = undef;
  96. my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
  97. my $ca_cert_size = axtlsp::ssl_get_config(
  98. $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
  99. my @cert;
  100. my @ca_cert;
  101. while ($i <= $#ARGV)
  102. {
  103. if ($ARGV[$i] eq "-accept")
  104. {
  105. print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  106. $port = $ARGV[++$i];
  107. }
  108. elsif ($ARGV[$i] eq "-quiet")
  109. {
  110. $quiet = 1;
  111. $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
  112. }
  113. elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
  114. {
  115. if ($ARGV[$i] eq "-cert")
  116. {
  117. print_server_options($build_mode, $ARGV[$i])
  118. if $i >= $#ARGV || $#cert >= $cert_size-1;
  119. push @cert, $ARGV[++$i];
  120. }
  121. elsif ($ARGV[$i] eq "-key")
  122. {
  123. print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  124. $private_key_file = $ARGV[++$i];
  125. $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
  126. }
  127. elsif ($ARGV[$i] eq "-pass")
  128. {
  129. print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  130. $password = $ARGV[++$i];
  131. }
  132. elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
  133. {
  134. if ($ARGV[$i] eq "-verify")
  135. {
  136. $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
  137. }
  138. elsif ($ARGV[$i] eq "-CAfile")
  139. {
  140. print_server_options($build_mode, $ARGV[$i])
  141. if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
  142. push @ca_cert, $ARGV[++$i];
  143. }
  144. elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
  145. {
  146. if ($ARGV[$i] eq "-debug")
  147. {
  148. $options |= $axtlsp::SSL_DISPLAY_BYTES;
  149. }
  150. elsif ($ARGV[$i] eq "-state")
  151. {
  152. $options |= $axtlsp::SSL_DISPLAY_STATES;
  153. }
  154. elsif ($ARGV[$i] eq "-show-rsa")
  155. {
  156. $options |= $axtlsp::SSL_DISPLAY_RSA;
  157. }
  158. else
  159. {
  160. print_server_options($build_mode, $ARGV[$i]);
  161. }
  162. }
  163. else
  164. {
  165. print_server_options($build_mode, $ARGV[$i]);
  166. }
  167. }
  168. else
  169. {
  170. print_server_options($build_mode, $ARGV[$i]);
  171. }
  172. }
  173. else
  174. {
  175. print_server_options($build_mode, $ARGV[$i]);
  176. }
  177. $i++;
  178. }
  179. # Create socket for incoming connections
  180. my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
  181. LocalPort => $port,
  182. Listen => 1,
  183. Reuse => 1) or die $!;
  184. ###########################################################################
  185. # This is where the interesting stuff happens. Up until now we've
  186. # just been setting up sockets etc. Now we do the SSL handshake.
  187. ###########################################################################
  188. my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
  189. die "Error: Server context is invalid" if not defined $ssl_ctx;
  190. if (defined $private_key_file)
  191. {
  192. my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
  193. $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
  194. $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
  195. die "Private key '$private_key_file' is undefined." if
  196. axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
  197. $private_key_file, $password);
  198. }
  199. foreach (@cert)
  200. {
  201. die "Certificate '$_' is undefined."
  202. if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
  203. $_, undef) != $axtlsp::SSL_OK;
  204. }
  205. foreach (@ca_cert)
  206. {
  207. die "Certificate '$_' is undefined."
  208. if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
  209. $_, undef) != $axtlsp::SSL_OK;
  210. }
  211. for (;;)
  212. {
  213. printf("ACCEPT\n") if not $quiet;
  214. my $client_sock = $server_sock->accept;
  215. my $native_sock = get_native_sock($client_sock->fileno);
  216. # This doesn't work in Win32 - need to get file descriptor from socket.
  217. my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
  218. # do the actual SSL handshake
  219. my $res;
  220. my $buf;
  221. my $connected = 0;
  222. while (1)
  223. {
  224. ($res, $buf) = axtlsp::ssl_read($ssl, undef);
  225. last if $res < $axtlsp::SSL_OK;
  226. if ($res == $axtlsp::SSL_OK) # connection established and ok
  227. {
  228. if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
  229. {
  230. if (!$quiet && !$connected)
  231. {
  232. display_session_id($ssl);
  233. display_cipher($ssl);
  234. }
  235. $connected = 1;
  236. }
  237. }
  238. if ($res > $axtlsp::SSL_OK)
  239. {
  240. printf($$buf);
  241. }
  242. elsif ($res < $axtlsp::SSL_OK)
  243. {
  244. axtlsp::ssl_display_error($res) if not $quiet;
  245. last;
  246. }
  247. }
  248. # client was disconnected or the handshake failed.
  249. printf("CONNECTION CLOSED\n") if not $quiet;
  250. axtlsp::ssl_free($ssl);
  251. $client_sock->close;
  252. }
  253. axtlsp::ssl_ctx_free($ssl_ctx);
  254. }
  255. #
  256. # Implement the SSL client logic.
  257. #
  258. sub do_client
  259. {
  260. my ($build_mode) = @_;
  261. my $i = 1;
  262. my $port = 4433;
  263. my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
  264. my $private_key_file = undef;
  265. my $reconnect = 0;
  266. my $quiet = 0;
  267. my $password = undef;
  268. my @session_id;
  269. my $host = "127.0.0.1";
  270. my @cert;
  271. my @ca_cert;
  272. my $cert_size = axtlsp::ssl_get_config(
  273. $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
  274. my $ca_cert_size = axtlsp::ssl_get_config(
  275. $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
  276. while ($i <= $#ARGV)
  277. {
  278. if ($ARGV[$i] eq "-connect")
  279. {
  280. print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  281. ($host, $port) = split(':', $ARGV[++$i]);
  282. }
  283. elsif ($ARGV[$i] eq "-cert")
  284. {
  285. print_client_options($build_mode, $ARGV[$i])
  286. if $i >= $#ARGV || $#cert >= $cert_size-1;
  287. push @cert, $ARGV[++$i];
  288. }
  289. elsif ($ARGV[$i] eq "-key")
  290. {
  291. print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  292. $private_key_file = $ARGV[++$i];
  293. $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
  294. }
  295. elsif ($ARGV[$i] eq "-CAfile")
  296. {
  297. print_client_options($build_mode, $ARGV[$i])
  298. if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
  299. push @ca_cert, $ARGV[++$i];
  300. }
  301. elsif ($ARGV[$i] eq "-verify")
  302. {
  303. $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
  304. }
  305. elsif ($ARGV[$i] eq "-reconnect")
  306. {
  307. $reconnect = 4;
  308. }
  309. elsif ($ARGV[$i] eq "-quiet")
  310. {
  311. $quiet = 1;
  312. $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
  313. }
  314. elsif ($ARGV[$i] eq "-pass")
  315. {
  316. print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
  317. $password = $ARGV[++$i];
  318. }
  319. elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
  320. {
  321. if ($ARGV[$i] eq "-debug")
  322. {
  323. $options |= $axtlsp::SSL_DISPLAY_BYTES;
  324. }
  325. elsif ($ARGV[$i] eq "-state")
  326. {
  327. $options |= $axtlsp::SSL_DISPLAY_STATES;
  328. }
  329. elsif ($ARGV[$i] eq "-show-rsa")
  330. {
  331. $options |= $axtlsp::SSL_DISPLAY_RSA;
  332. }
  333. else # don't know what this is
  334. {
  335. print_client_options($build_mode, $ARGV[$i]);
  336. }
  337. }
  338. else # don't know what this is
  339. {
  340. print_client_options($build_mode, $ARGV[$i]);
  341. }
  342. $i++;
  343. }
  344. my $client_sock = new IO::Socket::INET (
  345. PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
  346. || die ("no socket: $!");
  347. my $ssl;
  348. my $res;
  349. my $native_sock = get_native_sock($client_sock->fileno);
  350. printf("CONNECTED\n") if not $quiet;
  351. ###########################################################################
  352. # This is where the interesting stuff happens. Up until now we've
  353. # just been setting up sockets etc. Now we do the SSL handshake.
  354. ###########################################################################
  355. my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
  356. die "Error: Client context is invalid" if not defined $ssl_ctx;
  357. if (defined $private_key_file)
  358. {
  359. my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
  360. $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
  361. $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
  362. die "Private key '$private_key_file' is undefined." if
  363. axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
  364. $private_key_file, $password);
  365. }
  366. foreach (@cert)
  367. {
  368. die "Certificate '$_' is undefined."
  369. if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
  370. $_, undef) != $axtlsp::SSL_OK;
  371. }
  372. foreach (@ca_cert)
  373. {
  374. die "Certificate '$_' is undefined."
  375. if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
  376. $_, undef) != $axtlsp::SSL_OK;
  377. }
  378. # Try session resumption?
  379. if ($reconnect)
  380. {
  381. my $session_id = undef;
  382. my $sess_id_size = 0;
  383. while ($reconnect--)
  384. {
  385. $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock,
  386. $session_id, $sess_id_size);
  387. $res = axtlsp::ssl_handshake_status($ssl);
  388. if ($res != $axtlsp::SSL_OK)
  389. {
  390. axtlsp::ssl_display_error($res) if !$quiet;
  391. axtlsp::ssl_free($ssl);
  392. exit 1;
  393. }
  394. display_session_id($ssl);
  395. $session_id = axtlsp::ssl_get_session_id($ssl);
  396. if ($reconnect)
  397. {
  398. axtlsp::ssl_free($ssl);
  399. $client_sock->close;
  400. $client_sock = new IO::Socket::INET (
  401. PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
  402. || die ("no socket: $!");
  403. }
  404. }
  405. }
  406. else
  407. {
  408. $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
  409. }
  410. # check the return status
  411. $res = axtlsp::ssl_handshake_status($ssl);
  412. if ($res != $axtlsp::SSL_OK)
  413. {
  414. axtlsp::ssl_display_error($res) if not $quiet;
  415. exit 1;
  416. }
  417. if (!$quiet)
  418. {
  419. my $common_name = axtlsp::ssl_get_cert_dn($ssl,
  420. $axtlsp::SSL_X509_CERT_COMMON_NAME);
  421. printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
  422. display_session_id($ssl);
  423. display_cipher($ssl);
  424. }
  425. while (<STDIN>)
  426. {
  427. my $cstring = pack("a*x", $_); # add null terminator
  428. $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
  429. if ($res < $axtlsp::SSL_OK)
  430. {
  431. axtlsp::ssl_display_error($res) if not $quiet;
  432. last;
  433. }
  434. }
  435. axtlsp::ssl_ctx_free($ssl_ctx);
  436. $client_sock->close;
  437. }
  438. #
  439. # We've had some sort of command-line error. Print out the basic options.
  440. #
  441. sub print_options
  442. {
  443. my ($option) = @_;
  444. printf("axssl: Error: '%s' is an invalid command.\n", $option);
  445. printf("usage: axssl [s_server|s_client|version] [args ...]\n");
  446. exit 1;
  447. }
  448. #
  449. # We've had some sort of command-line error. Print out the server options.
  450. #
  451. sub print_server_options
  452. {
  453. my ($build_mode, $option) = @_;
  454. my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
  455. my $ca_cert_size = axtlsp::ssl_get_config(
  456. $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
  457. printf("unknown option %s\n", $option);
  458. printf("usage: s_server [args ...]\n");
  459. printf(" -accept arg\t- port to accept on (default is 4433)\n");
  460. printf(" -quiet\t\t- No server output\n");
  461. if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
  462. {
  463. printf(" -cert arg\t- certificate file to add (in addition to default)".
  464. " to chain -\n".
  465. "\t\t Can repeat up to %d times\n", $cert_size);
  466. printf(" -key arg\t- Private key file to use - default DER format\n");
  467. printf(" -pass\t\t- private key file pass phrase source\n");
  468. }
  469. if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
  470. {
  471. printf(" -verify\t- turn on peer certificate verification\n");
  472. printf(" -CAfile arg\t- Certificate authority - default DER format\n");
  473. printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
  474. }
  475. if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
  476. {
  477. printf(" -debug\t\t- Print more output\n");
  478. printf(" -state\t\t- Show state messages\n");
  479. printf(" -show-rsa\t- Show RSA state\n");
  480. }
  481. exit 1;
  482. }
  483. #
  484. # We've had some sort of command-line error. Print out the client options.
  485. #
  486. sub print_client_options
  487. {
  488. my ($build_mode, $option) = @_;
  489. my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
  490. my $ca_cert_size = axtlsp::ssl_get_config(
  491. $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
  492. printf("unknown option %s\n", $option);
  493. if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
  494. {
  495. printf("usage: s_client [args ...]\n");
  496. printf(" -connect host:port - who to connect to (default ".
  497. "is localhost:4433)\n");
  498. printf(" -verify\t- turn on peer certificate verification\n");
  499. printf(" -cert arg\t- certificate file to use - default DER format\n");
  500. printf(" -key arg\t- Private key file to use - default DER format\n");
  501. printf("\t\t Can repeat up to %d times\n", $cert_size);
  502. printf(" -CAfile arg\t- Certificate authority - default DER format\n");
  503. printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
  504. printf(" -quiet\t\t- No client output\n");
  505. printf(" -pass\t\t- private key file pass phrase source\n");
  506. printf(" -reconnect\t- Drop and re-make the connection ".
  507. "with the same Session-ID\n");
  508. if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
  509. {
  510. printf(" -debug\t\t- Print more output\n");
  511. printf(" -state\t\t- Show state messages\n");
  512. printf(" -show-rsa\t- Show RSA state\n");
  513. }
  514. }
  515. else
  516. {
  517. printf("Change configuration to allow this feature\n");
  518. }
  519. exit 1;
  520. }
  521. #
  522. # Display what cipher we are using
  523. #
  524. sub display_cipher
  525. {
  526. my ($ssl) = @_;
  527. printf("CIPHER is ");
  528. my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
  529. if ($cipher_id == $axtlsp::SSL_AES128_SHA)
  530. {
  531. printf("AES128-SHA");
  532. }
  533. elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
  534. {
  535. printf("AES256-SHA");
  536. }
  537. elsif ($axtlsp::SSL_RC4_128_SHA)
  538. {
  539. printf("RC4-SHA");
  540. }
  541. elsif ($axtlsp::SSL_RC4_128_MD5)
  542. {
  543. printf("RC4-MD5");
  544. }
  545. else
  546. {
  547. printf("Unknown - %d", $cipher_id);
  548. }
  549. printf("\n");
  550. }
  551. #
  552. # Display what session id we have.
  553. #
  554. sub display_session_id
  555. {
  556. my ($ssl) = @_;
  557. my $session_id = axtlsp::ssl_get_session_id($ssl);
  558. if (length($$session_id) > 0)
  559. {
  560. printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
  561. printf(unpack("H*", $$session_id));
  562. printf("\n-----END SSL SESSION PARAMETERS-----\n");
  563. }
  564. }