LDAPDN_rewrite_dummy *func, unsigned flags ));
LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
LDAP_F (int) ldap_pvt_tls_get_unique LDAP_P(( void *ctx, struct berval *buf, int is_server ));
+LDAP_F (const char *) ldap_pvt_tls_get_version LDAP_P(( void *ctx ));
+LDAP_F (const char *) ldap_pvt_tls_get_cipher LDAP_P(( void *ctx ));
LDAP_END_DECL
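Review bot: The two new prototypes carry no statement of who owns the returned string, and both callers and backends need that to agree. Every backend in this commit returns a pointer owned by the TLS library (a static name table or a string tied to the session), so a comment above the declarations such as `/* Returned strings are owned by the TLS library and must not be freed; valid only while the session is alive. May be NULL for backends that cannot name the value. */` would fix the contract. The NULL clause matters because the GnuTLS functions used on the new side are documented to return NULL for unknown values, while the OpenSSL and MozNSS backends always return a string.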
typedef int (TI_session_chkhost)(LDAP *ld, tls_session *s, const char *name_in);
typedef int (TI_session_strength)(tls_session *sess);
typedef int (TI_session_unique)(tls_session *sess, struct berval *buf, int is_server);
+typedef const char *(TI_session_name)(tls_session *s);
typedef void (TI_thr_init)(void);
TI_session_chkhost *ti_session_chkhost;
TI_session_strength *ti_session_strength;
TI_session_unique *ti_session_unique;
+ TI_session_name *ti_session_version;
+ TI_session_name *ti_session_cipher;
Sockbuf_IO *ti_sbio;
tls_session *session = s;
return tls_imp->ti_session_unique( session, buf, is_server );
}
+
+const char *
+ldap_pvt_tls_get_version( void *s )
+{
+ tls_session *session = s;
+ return tls_imp->ti_session_version( session );
+}
+
+const char *
+ldap_pvt_tls_get_cipher( void *s )
+{
+ tls_session *session = s;
+ return tls_imp->ti_session_cipher( session );
+}
#endif /* HAVE_TLS */
int
return 0;
}
+static const char *
+tlsg_session_version( tls_session *sess )
+{
+ tlsg_session *s = (tlsg_session *)sess;
+ return gnutls_protocol_get_name(gnutls_protocol_get_version( s->session ));
+}
+
+static const char *
+tlsg_session_cipher( tls_session *sess )
+{
+ tlsg_session *s = (tlsg_session *)sess;
+ return gnutls_cipher_get_name(gnutls_cipher_get( s->session ));
+}
+
/* suites is a string of colon-separated cipher suite names. */
static int
tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
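Review bot: `tlsg_session_version` and `tlsg_session_cipher` pass through the result of `gnutls_protocol_get_name()` and `gnutls_cipher_get_name()` unchanged, and both GnuTLS functions are documented to return NULL when the version or cipher is not recognised. The new consumer in connection.c hands these pointers to a `%s` conversion, so a NULL here is undefined behaviour in the log call rather than a harmless "unknown" entry, which is what the MozNSS backend in this same commit returns for the same situation. Normalising in the backend keeps the three implementations consistent: `const char *name = gnutls_protocol_get_name(gnutls_protocol_get_version( s->session ));` followed by `return name ? name : "unknown";`, and the same two-line shape for the cipher name.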
tlsg_session_chkhost,
tlsg_session_strength,
tlsg_session_unique,
+ tlsg_session_version,
+ tlsg_session_cipher,
&tlsg_sbio,
int infd = PR_FileDesc2NativeHandle( PR_STDIN );
int isTTY = isatty( infd );
unsigned char phrase[200];
+ char *dummy;
/* Prompt for password */
if ( isTTY ) {
fprintf( stdout,
token_name ? token_name : DEFAULT_TOKEN_NAME );
echoOff( infd );
}
- fgets( (char*)phrase, sizeof(phrase), stdin );
+ dummy = fgets( (char*)phrase, sizeof(phrase), stdin );
+ (void) dummy;
if ( isTTY ) {
fprintf( stdout, "\n" );
echoOn( infd );
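Review bot: Assigning `fgets()` to `dummy` and casting it to void only silences the unused-result warning; on EOF or a read error `phrase` is still uninitialised and the rest of the function (which continues outside this hunk) presumably goes on to treat it as a C string. A check is no longer than the added lines: `if ( fgets( (char*)phrase, sizeof(phrase), stdin ) == NULL ) phrase[0] = '\0';`, which also removes the `dummy` variable. Whether an empty passphrase is the right outcome on failure depends on the code after the hunk, so confirm against the caller.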
static int
tlsm_session_unique( tls_session *sess, struct berval *buf, int is_server)
{
+ /* Need upstream support https://bugzilla.mozilla.org/show_bug.cgi?id=563276 */
return 0;
}
+/* Yet again, we're pasting in glue that MozNSS ought to provide itself. */
+static struct {
+ const char *name;
+ int num;
+} pvers[] = {
+ { "SSLv2", SSL_LIBRARY_VERSION_2 },
+ { "SSLv3", SSL_LIBRARY_VERSION_3_0 },
+ { "TLSv1", SSL_LIBRARY_VERSION_TLS_1_0 },
+ { "TLSv1.1", SSL_LIBRARY_VERSION_TLS_1_1 },
+ { NULL, 0 }
+};
+
+static const char *
+tlsm_session_version( tls_session *sess )
+{
+ tlsm_session *s = (tlsm_session *)sess;
+ SSLChannelInfo info;
+ int rc;
+ rc = SSL_GetChannelInfo( s, &info, sizeof( info ));
+ if ( rc == 0 ) {
+ int i;
+ for (i=0; pvers[i].name; i++)
+ if (pvers[i].num == info.protocolVersion)
+ return pvers[i].name;
+ }
+ return "unknown";
+}
+
+static const char *
+tlsm_session_cipher( tls_session *sess )
+{
+ tlsm_session *s = (tlsm_session *)sess;
+ SSLChannelInfo info;
+ int rc;
+ rc = SSL_GetChannelInfo( s, &info, sizeof( info ));
+ if ( rc == 0 ) {
+ SSLCipherSuiteInfo csinfo;
+ rc = SSL_GetCipherSuiteInfo( info.cipherSuite, &csinfo, sizeof( csinfo ));
+ if ( rc == 0 )
+ return csinfo.cipherSuiteName;
+ }
+ return "unknown";
+}
+
/*
* TLS support for LBER Sockbufs
*/
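Review bot: In `tlsm_session_version` and `tlsm_session_cipher` the `SSL_GetChannelInfo` and `SSL_GetCipherSuiteInfo` results are compared with `0`, which works only because `SECSuccess` happens to be zero; writing `if ( rc == SECSuccess )` says what is being tested and matches the SECStatus return type. The `pvers` table stops at TLSv1.1, so any newer protocol an NSS build can negotiate would be logged as "unknown" rather than named; if the linked NSS defines a later `SSL_LIBRARY_VERSION_TLS_*` constant it should be added, otherwise a comment on the table noting the cutoff would help the next maintainer. The "unknown" fallback on a failed info call is sensible and should be kept.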
tlsm_session_chkhost,
tlsm_session_strength,
tlsm_session_unique,
+ tlsm_session_version,
+ tlsm_session_cipher,
&tlsm_sbio,
return buf->bv_len;
}
+static const char *
+tlso_session_version( tls_session *sess )
+{
+ tlso_session *s = (tlso_session *)sess;
+ return SSL_get_version(s);
+}
+
+static const char *
+tlso_session_cipher( tls_session *sess )
+{
+ tlso_session *s = (tlso_session *)sess;
+ return SSL_CIPHER_get_name(SSL_get_current_cipher(s));
+}
+
/*
* TLS support for LBER Sockbufs
*/
tlso_session_chkhost,
tlso_session_strength,
tlso_session_unique,
+ tlso_session_version,
+ tlso_session_cipher,
&tlso_sbio,
} else if ( rc == 0 ) {
void *ssl;
struct berval authid = BER_BVNULL;
+ char msgbuf[32];
c->c_needs_tls_accept = 0;
"unable to get TLS client DN, error=%d id=%lu\n",
s, rc, c->c_connid );
}
+ sprintf(msgbuf, "tls_ssf=%u ssf=%u", c->c_tls_ssf, c->c_ssf);
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu fd=%d TLS established tls_ssf=%u ssf=%u\n",
- c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
+ "conn=%lu fd=%d TLS established %s tls_proto=%s tls_cipher=%s\n",
+ c->c_connid, (int) s,
+ msgbuf, ldap_pvt_tls_get_version( ssl ), ldap_pvt_tls_get_cipher( ssl ));
slap_sasl_external( c, c->c_tls_ssf, &authid );
if ( authid.bv_val ) free( authid.bv_val );
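Review bot: The new `sprintf` into `char msgbuf[32]` is unbounded: the fixed text "tls_ssf=" and " ssf=" is 13 bytes, and each `%u` can expand to 10 digits, so the worst case is 34 bytes including the terminator, two more than the buffer. The values are presumably small in practice (the existing `%u` format implies unsigned int fields), but a stack write that depends on that is exactly what the bounded form exists for: `snprintf(msgbuf, sizeof(msgbuf), "tls_ssf=%u ssf=%u", c->c_tls_ssf, c->c_ssf);`, or alternatively enlarge the buffer so the worst case fits. The enclosing function continues outside the hunk.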
{