Hello,
You may trace connect/accept progres defining some callback function:
/**
* SSL connection info callback.
*
* @param ssl SSL connection
socket
* @param type connection type
* @param val connection info
* @return none
*/
static void ssl_connection_info_cb(const SSL * ssl, int type, int val)
{
if (type & SSL_CB_LOOP) {
log_tra("ssl_state: %s: %s",
type &
SSL_ST_CONNECT ? "connect" :
type &
SSL_ST_ACCEPT ? "accept" :
"undefined", SSL_state_string_long(ssl));
}
if (type & SSL_CB_ALERT) {
log_tra("ssl_alert: %s:%s: %s",
type &
SSL_CB_READ ? "read" : "write",
SSL_alert_type_string_long(val), SSL_alert_desc_string_long(val));
}
}
and at library initialization set this callback:
/* callback for connection information on SSL/TLS session negotiation */
SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb);
Best regards,
--
Marek Marcola <[email protected]>
[email protected] wrote on 05/16/2012 05:15:40 PM:
> [email protected]
> Sent by: [email protected]
>
> 05/16/2012 05:25 PM
>
> Please respond to
> [email protected]
>
> To
>
> [email protected], [email protected]
>
> cc
>
> Subject
>
> Question on enhancing OpenSSL logs
>
> Team
> I have a query on enhancing the OpenSSL logs,
>
> As you know, "SSL_accept" is just one call using SSL library for an SSL
handshake, but
> there are couple of steps inside this process like Client Hello / Server
Hello, etc.
> What if i need to find the internal failures in SSL handshake ? Is there
any openssl
> debug option available where the SSL library is capable of logging
additional info ?
>
> We already have a series of error cases handled for SSL handshake, but
they are pre-
> defined by OpenSSL and they do not speak on where they failed,
>
> err = SSL_accept((SSL *)SockObj->SSLCtx);
> if(err<=0){
> err=SSL_get_error((SSL *)SockObj->SSLCtx,err);
> switch(err){
> case SSL_ERROR_NONE:
> case SSL_ERROR_ZERO_RETURN:
> case SSL_ERROR_WANT_READ:
> case SSL_ERROR_WANT_WRITE:
> case SSL_ERROR_WANT_CONNECT:
> case SSL_ERROR_SYSCALL:
> case SSL_ERROR_SSL:
> }
> }
>
> Can you shed some lights here ?
>
> Thanks & Regards
> ________________________
> Karthikeyan Thirumal
>
> ******************************************************
> This message and any files or attachments sent with this message contain
confidential
> information and is intended only for the individual named. If you are
not the named
> addressee, you should not disseminate, distribute, copy or use any part
of this email.
> If you have received this message in error, please delete it and all
copies from your
> system and notify the sender immediately by return Email.
>
> Email transmission cannot be guaranteed to be secure or error-free as
information can be
> intercepted, corrupted, lost, destroyed, late, incomplete or may contain
viruses. The
> sender, therefore, does not accept liability for any errors or omissions
in the contents
> of this message, which arise as a result of email transmission.
> ******************************************************
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
