CVSROOT: /cvs
Module name: ports
Changes by: k...@cvs.openbsd.org 2021/06/24 09:26:09
Modified files:
security/openssl/1.0.2: Makefile
security/openssl/1.1: Makefile
Log message:
Enable s_client(1) and s_server(1) "-trace" option
Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
...
*) SSL/TLS tracing code. This parses out SSL/TLS records using the
message callback and prints the results. Needs compile time option
"enable-ssl-trace". New options to s_client and s_server to enable
tracing.
[Steve Henson]
It is especially handy when looking at TLS handshakes, e.g. to try
figure out why nc(1)/libtls TLSv1.3 fails but openssl(1)/libssl doesn't.
LibreSSL's openssl(1) has
-msg
Show all protocol messages with hex dump.
but it is not as nearly insightful as OpenSSL's s_client(1)
-trace
Show verbose trace output of protocol messages. OpenSSL needs
to be compiled with enable-ssl-trace for this option to work.
Upstream enabled "ssl-trace" by default as of 10.06.2021, see commit
726f92e016bac53175ed5d5321bce1ddf6b207d6.
Feedback sthen tb
OK tb
