ssl_stat.c 11.6 KB
Newer Older
R
Rich Salz 已提交
1
/*
2
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
R
Rich Salz 已提交
5 6 7 8
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
9
 */
R
Rich Salz 已提交
10

11
#include <stdio.h>
12
#include "ssl_local.h"
13

B
Ben Laurie 已提交
14
const char *SSL_state_string_long(const SSL *s)
15
{
16
    if (ossl_statem_in_error(s))
M
Matt Caswell 已提交
17 18
        return "error";

M
Matt Caswell 已提交
19
    switch (SSL_get_state(s)) {
R
Rich Salz 已提交
20 21 22 23 24
    case TLS_ST_CR_CERT_STATUS:
        return "SSLv3/TLS read certificate status";
    case TLS_ST_CW_NEXT_PROTO:
        return "SSLv3/TLS write next proto";
    case TLS_ST_SR_NEXT_PROTO:
25
        return "SSLv3/TLS read next proto";
R
Rich Salz 已提交
26
    case TLS_ST_SW_CERT_STATUS:
27
        return "SSLv3/TLS write certificate status";
M
Matt Caswell 已提交
28
    case TLS_ST_BEFORE:
29
        return "before SSL initialization";
M
Matt Caswell 已提交
30
    case TLS_ST_OK:
31
        return "SSL negotiation finished successfully";
M
Matt Caswell 已提交
32
    case TLS_ST_CW_CLNT_HELLO:
33
        return "SSLv3/TLS write client hello";
M
Matt Caswell 已提交
34
    case TLS_ST_CR_SRVR_HELLO:
35
        return "SSLv3/TLS read server hello";
M
Matt Caswell 已提交
36
    case TLS_ST_CR_CERT:
37
        return "SSLv3/TLS read server certificate";
M
Matt Caswell 已提交
38
    case TLS_ST_CR_KEY_EXCH:
39
        return "SSLv3/TLS read server key exchange";
M
Matt Caswell 已提交
40
    case TLS_ST_CR_CERT_REQ:
41
        return "SSLv3/TLS read server certificate request";
M
Matt Caswell 已提交
42
    case TLS_ST_CR_SESSION_TICKET:
43
        return "SSLv3/TLS read server session ticket";
M
Matt Caswell 已提交
44
    case TLS_ST_CR_SRVR_DONE:
45
        return "SSLv3/TLS read server done";
M
Matt Caswell 已提交
46
    case TLS_ST_CW_CERT:
47
        return "SSLv3/TLS write client certificate";
M
Matt Caswell 已提交
48
    case TLS_ST_CW_KEY_EXCH:
49
        return "SSLv3/TLS write client key exchange";
M
Matt Caswell 已提交
50
    case TLS_ST_CW_CERT_VRFY:
51
        return "SSLv3/TLS write certificate verify";
M
Matt Caswell 已提交
52 53
    case TLS_ST_CW_CHANGE:
    case TLS_ST_SW_CHANGE:
54
        return "SSLv3/TLS write change cipher spec";
M
Matt Caswell 已提交
55 56
    case TLS_ST_CW_FINISHED:
    case TLS_ST_SW_FINISHED:
57
        return "SSLv3/TLS write finished";
M
Matt Caswell 已提交
58 59
    case TLS_ST_CR_CHANGE:
    case TLS_ST_SR_CHANGE:
60
        return "SSLv3/TLS read change cipher spec";
M
Matt Caswell 已提交
61 62
    case TLS_ST_CR_FINISHED:
    case TLS_ST_SR_FINISHED:
63
        return "SSLv3/TLS read finished";
M
Matt Caswell 已提交
64
    case TLS_ST_SR_CLNT_HELLO:
65
        return "SSLv3/TLS read client hello";
M
Matt Caswell 已提交
66
    case TLS_ST_SW_HELLO_REQ:
67
        return "SSLv3/TLS write hello request";
M
Matt Caswell 已提交
68
    case TLS_ST_SW_SRVR_HELLO:
69
        return "SSLv3/TLS write server hello";
M
Matt Caswell 已提交
70
    case TLS_ST_SW_CERT:
71
        return "SSLv3/TLS write certificate";
M
Matt Caswell 已提交
72
    case TLS_ST_SW_KEY_EXCH:
73
        return "SSLv3/TLS write key exchange";
M
Matt Caswell 已提交
74
    case TLS_ST_SW_CERT_REQ:
75
        return "SSLv3/TLS write certificate request";
M
Matt Caswell 已提交
76
    case TLS_ST_SW_SESSION_TICKET:
77
        return "SSLv3/TLS write session ticket";
M
Matt Caswell 已提交
78
    case TLS_ST_SW_SRVR_DONE:
79
        return "SSLv3/TLS write server done";
M
Matt Caswell 已提交
80
    case TLS_ST_SR_CERT:
81
        return "SSLv3/TLS read client certificate";
M
Matt Caswell 已提交
82
    case TLS_ST_SR_KEY_EXCH:
83
        return "SSLv3/TLS read client key exchange";
M
Matt Caswell 已提交
84
    case TLS_ST_SR_CERT_VRFY:
85
        return "SSLv3/TLS read certificate verify";
M
Matt Caswell 已提交
86
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
87
        return "DTLS1 read hello verify request";
M
Matt Caswell 已提交
88
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
89
        return "DTLS1 write hello verify request";
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
        return "TLSv1.3 write encrypted extensions";
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
        return "TLSv1.3 read encrypted extensions";
    case TLS_ST_CR_CERT_VRFY:
        return "TLSv1.3 read server certificate verify";
    case TLS_ST_SW_CERT_VRFY:
        return "TLSv1.3 write server certificate verify";
    case TLS_ST_CR_HELLO_REQ:
        return "SSLv3/TLS read hello request";
    case TLS_ST_SW_KEY_UPDATE:
        return "TLSv1.3 write server key update";
    case TLS_ST_CW_KEY_UPDATE:
        return "TLSv1.3 write client key update";
    case TLS_ST_SR_KEY_UPDATE:
        return "TLSv1.3 read client key update";
    case TLS_ST_CR_KEY_UPDATE:
        return "TLSv1.3 read server key update";
    case TLS_ST_EARLY_DATA:
        return "TLSv1.3 early data";
    case TLS_ST_PENDING_EARLY_DATA_END:
        return "TLSv1.3 pending early data end";
    case TLS_ST_CW_END_OF_EARLY_DATA:
        return "TLSv1.3 write end of early data";
    case TLS_ST_SR_END_OF_EARLY_DATA:
        return "TLSv1.3 read end of early data";
116
    default:
117
        return "unknown state";
118 119
    }
}
120

B
Ben Laurie 已提交
121
const char *SSL_state_string(const SSL *s)
122
{
123
    if (ossl_statem_in_error(s))
M
Matt Caswell 已提交
124 125
        return "SSLERR";

M
Matt Caswell 已提交
126
    switch (SSL_get_state(s)) {
R
Rich Salz 已提交
127 128 129 130 131 132 133 134 135 136 137 138
    case TLS_ST_SR_NEXT_PROTO:
        return "TRNP";
    case TLS_ST_SW_SESSION_TICKET:
        return "TWST";
    case TLS_ST_SW_CERT_STATUS:
        return "TWCS";
    case TLS_ST_CR_CERT_STATUS:
        return "TRCS";
    case TLS_ST_CR_SESSION_TICKET:
        return "TRST";
    case TLS_ST_CW_NEXT_PROTO:
        return "TWNP";
M
Matt Caswell 已提交
139
    case TLS_ST_BEFORE:
140
        return "PINIT ";
M
Matt Caswell 已提交
141
    case TLS_ST_OK:
142
        return "SSLOK ";
M
Matt Caswell 已提交
143
    case TLS_ST_CW_CLNT_HELLO:
144
        return "TWCH";
M
Matt Caswell 已提交
145
    case TLS_ST_CR_SRVR_HELLO:
146
        return "TRSH";
M
Matt Caswell 已提交
147
    case TLS_ST_CR_CERT:
148
        return "TRSC";
M
Matt Caswell 已提交
149
    case TLS_ST_CR_KEY_EXCH:
150
        return "TRSKE";
M
Matt Caswell 已提交
151
    case TLS_ST_CR_CERT_REQ:
152
        return "TRCR";
M
Matt Caswell 已提交
153
    case TLS_ST_CR_SRVR_DONE:
154
        return "TRSD";
M
Matt Caswell 已提交
155
    case TLS_ST_CW_CERT:
156
        return "TWCC";
M
Matt Caswell 已提交
157
    case TLS_ST_CW_KEY_EXCH:
158
        return "TWCKE";
M
Matt Caswell 已提交
159
    case TLS_ST_CW_CERT_VRFY:
160
        return "TWCV";
M
Matt Caswell 已提交
161 162
    case TLS_ST_SW_CHANGE:
    case TLS_ST_CW_CHANGE:
163
        return "TWCCS";
M
Matt Caswell 已提交
164 165
    case TLS_ST_SW_FINISHED:
    case TLS_ST_CW_FINISHED:
166
        return "TWFIN";
M
Matt Caswell 已提交
167 168
    case TLS_ST_SR_CHANGE:
    case TLS_ST_CR_CHANGE:
169
        return "TRCCS";
M
Matt Caswell 已提交
170 171
    case TLS_ST_SR_FINISHED:
    case TLS_ST_CR_FINISHED:
172
        return "TRFIN";
M
Matt Caswell 已提交
173
    case TLS_ST_SW_HELLO_REQ:
174
        return "TWHR";
M
Matt Caswell 已提交
175
    case TLS_ST_SR_CLNT_HELLO:
176
        return "TRCH";
M
Matt Caswell 已提交
177
    case TLS_ST_SW_SRVR_HELLO:
178
        return "TWSH";
M
Matt Caswell 已提交
179
    case TLS_ST_SW_CERT:
180
        return "TWSC";
M
Matt Caswell 已提交
181
    case TLS_ST_SW_KEY_EXCH:
182
        return "TWSKE";
M
Matt Caswell 已提交
183
    case TLS_ST_SW_CERT_REQ:
184
        return "TWCR";
M
Matt Caswell 已提交
185
    case TLS_ST_SW_SRVR_DONE:
186
        return "TWSD";
M
Matt Caswell 已提交
187
    case TLS_ST_SR_CERT:
188
        return "TRCC";
M
Matt Caswell 已提交
189
    case TLS_ST_SR_KEY_EXCH:
190
        return "TRCKE";
M
Matt Caswell 已提交
191
    case TLS_ST_SR_CERT_VRFY:
192
        return "TRCV";
M
Matt Caswell 已提交
193
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
194
        return "DRCHV";
M
Matt Caswell 已提交
195
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
196
        return "DWCHV";
197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
        return "TWEE";
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
        return "TREE";
    case TLS_ST_CR_CERT_VRFY:
        return "TRSCV";
    case TLS_ST_SW_CERT_VRFY:
        return "TRSCV";
    case TLS_ST_CR_HELLO_REQ:
        return "TRHR";
    case TLS_ST_SW_KEY_UPDATE:
        return "TWSKU";
    case TLS_ST_CW_KEY_UPDATE:
        return "TWCKU";
    case TLS_ST_SR_KEY_UPDATE:
        return "TRCKU";
    case TLS_ST_CR_KEY_UPDATE:
        return "TRSKU";
    case TLS_ST_EARLY_DATA:
        return "TED";
    case TLS_ST_PENDING_EARLY_DATA_END:
        return "TPEDE";
    case TLS_ST_CW_END_OF_EARLY_DATA:
        return "TWEOED";
    case TLS_ST_SR_END_OF_EARLY_DATA:
        return "TWEOED";
223
    default:
224
        return "UNKWN ";
225 226
    }
}
227

L
Lutz Jänicke 已提交
228
const char *SSL_alert_type_string_long(int value)
229
{
230 231 232 233 234 235 236 237
    switch (value >> 8) {
    case SSL3_AL_WARNING:
        return "warning";
    case SSL3_AL_FATAL:
        return "fatal";
    default:
        return "unknown";
    }
238
}
239

L
Lutz Jänicke 已提交
240
const char *SSL_alert_type_string(int value)
241
{
242 243 244 245 246 247 248 249
    switch (value >> 8) {
    case SSL3_AL_WARNING:
        return "W";
    case SSL3_AL_FATAL:
        return "F";
    default:
        return "U";
    }
250
}
251

L
Lutz Jänicke 已提交
252
const char *SSL_alert_desc_string(int value)
253 254 255
{
    switch (value & 0xff) {
    case SSL3_AD_CLOSE_NOTIFY:
256
        return "CN";
257
    case SSL3_AD_UNEXPECTED_MESSAGE:
258
        return "UM";
259
    case SSL3_AD_BAD_RECORD_MAC:
260
        return "BM";
261
    case SSL3_AD_DECOMPRESSION_FAILURE:
262
        return "DF";
263
    case SSL3_AD_HANDSHAKE_FAILURE:
264
        return "HF";
265
    case SSL3_AD_NO_CERTIFICATE:
266
        return "NC";
267
    case SSL3_AD_BAD_CERTIFICATE:
268
        return "BC";
269
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
270
        return "UC";
271
    case SSL3_AD_CERTIFICATE_REVOKED:
272
        return "CR";
273
    case SSL3_AD_CERTIFICATE_EXPIRED:
274
        return "CE";
275
    case SSL3_AD_CERTIFICATE_UNKNOWN:
276
        return "CU";
277
    case SSL3_AD_ILLEGAL_PARAMETER:
278
        return "IP";
279
    case TLS1_AD_DECRYPTION_FAILED:
280
        return "DC";
281
    case TLS1_AD_RECORD_OVERFLOW:
282
        return "RO";
283
    case TLS1_AD_UNKNOWN_CA:
284
        return "CA";
285
    case TLS1_AD_ACCESS_DENIED:
286
        return "AD";
287
    case TLS1_AD_DECODE_ERROR:
288
        return "DE";
289
    case TLS1_AD_DECRYPT_ERROR:
290
        return "CY";
291
    case TLS1_AD_EXPORT_RESTRICTION:
292
        return "ER";
293
    case TLS1_AD_PROTOCOL_VERSION:
294
        return "PV";
295
    case TLS1_AD_INSUFFICIENT_SECURITY:
296
        return "IS";
297
    case TLS1_AD_INTERNAL_ERROR:
298
        return "IE";
299
    case TLS1_AD_USER_CANCELLED:
300
        return "US";
301
    case TLS1_AD_NO_RENEGOTIATION:
302
        return "NR";
303
    case TLS1_AD_UNSUPPORTED_EXTENSION:
304
        return "UE";
305
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
306
        return "CO";
307
    case TLS1_AD_UNRECOGNIZED_NAME:
308
        return "UN";
309
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
310
        return "BR";
311
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
312
        return "BH";
313
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
314
        return "UP";
315
    default:
316
        return "UK";
317 318
    }
}
319

L
Lutz Jänicke 已提交
320
const char *SSL_alert_desc_string_long(int value)
321 322 323
{
    switch (value & 0xff) {
    case SSL3_AD_CLOSE_NOTIFY:
324
        return "close notify";
325
    case SSL3_AD_UNEXPECTED_MESSAGE:
326
        return "unexpected_message";
327
    case SSL3_AD_BAD_RECORD_MAC:
328
        return "bad record mac";
329
    case SSL3_AD_DECOMPRESSION_FAILURE:
330
        return "decompression failure";
331
    case SSL3_AD_HANDSHAKE_FAILURE:
332
        return "handshake failure";
333
    case SSL3_AD_NO_CERTIFICATE:
334
        return "no certificate";
335
    case SSL3_AD_BAD_CERTIFICATE:
336
        return "bad certificate";
337
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
338
        return "unsupported certificate";
339
    case SSL3_AD_CERTIFICATE_REVOKED:
340
        return "certificate revoked";
341
    case SSL3_AD_CERTIFICATE_EXPIRED:
342
        return "certificate expired";
343
    case SSL3_AD_CERTIFICATE_UNKNOWN:
344
        return "certificate unknown";
345
    case SSL3_AD_ILLEGAL_PARAMETER:
346
        return "illegal parameter";
347
    case TLS1_AD_DECRYPTION_FAILED:
348
        return "decryption failed";
349
    case TLS1_AD_RECORD_OVERFLOW:
350
        return "record overflow";
351
    case TLS1_AD_UNKNOWN_CA:
352
        return "unknown CA";
353
    case TLS1_AD_ACCESS_DENIED:
354
        return "access denied";
355
    case TLS1_AD_DECODE_ERROR:
356
        return "decode error";
357
    case TLS1_AD_DECRYPT_ERROR:
358
        return "decrypt error";
359
    case TLS1_AD_EXPORT_RESTRICTION:
360
        return "export restriction";
361
    case TLS1_AD_PROTOCOL_VERSION:
362
        return "protocol version";
363
    case TLS1_AD_INSUFFICIENT_SECURITY:
364
        return "insufficient security";
365
    case TLS1_AD_INTERNAL_ERROR:
366
        return "internal error";
367
    case TLS1_AD_USER_CANCELLED:
368
        return "user canceled";
369
    case TLS1_AD_NO_RENEGOTIATION:
370
        return "no renegotiation";
371
    case TLS1_AD_UNSUPPORTED_EXTENSION:
372
        return "unsupported extension";
373
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
374
        return "certificate unobtainable";
375
    case TLS1_AD_UNRECOGNIZED_NAME:
376
        return "unrecognized name";
377
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
378
        return "bad certificate status response";
379
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
380
        return "bad certificate hash value";
381
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
382
        return "unknown PSK identity";
E
Emilia Kasper 已提交
383
    case TLS1_AD_NO_APPLICATION_PROTOCOL:
384
        return "no application protocol";
385
    default:
386
        return "unknown";
387 388
    }
}