author | Arne Schwabe | 2020-10-23 14:02:55 +0200 |
---|---|---|
committer | Gert Doering | 2020-11-25 16:07:19 +0100 |
commit | f1f0f074bf6e7b91673bfa8cb08b3be44ebda76b (patch) | |
tree | c714f14cef5c01e5734b4e01023a0a53e675d250 /src/openvpn/ssl.c | |
parent | 8292102b102ff62d6b7ed1254076b822cb113162 (diff) | |
Improve keys out of sync message
The current message basically lacks the information to actually figure
out why the keys are out of sync. This adds the missing information to
that diagnostic message.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201023120259.29783-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21226.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 45b2b20..b207c6d 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -764,6 +764,22 @@ state_name(int state)
 }
 static const char *
+ks_auth_name(enum ks_auth_state auth)
+{
+ switch (auth)
+ {
+ case KS_AUTH_TRUE:
+ return "KS_AUTH_TRUE";
+ case KS_AUTH_DEFERRED:
+ return "KS_AUTH_DEFERRED";
+ case KS_AUTH_FALSE:
+ return "KS_AUTH_FALSE";
+ default:
+ return "KS_????";
+ }
+}
+
+static const char *
 packet_opcode_name(int op)
 {
 switch (op)
@@ -833,8 +849,9 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
 for (int i = 0; i < KEY_SCAN_SIZE; ++i)
 {
 struct key_state *ks = get_key_scan(multi, i);
- buf_printf(&out, " [key#%d state=%s id=%d sid=%s]", i,
- state_name(ks->state), ks->key_id,
+ buf_printf(&out, " [key#%d state=%s auth=%s id=%d sid=%s]", i,
+ state_name(ks->state), ks_auth_name(ks->authenticated),
+ ks->key_id,
 session_id_print(&ks->session_id_remote, gc));
 }
@@ -3301,8 +3318,10 @@ handle_data_channel_packet(struct tls_multi *multi,
 }
 msg(D_TLS_ERRORS,
- "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
- print_link_socket_actual(from, &gc), key_id);
+ "TLS Error: local/remote TLS keys are out of sync: %s "
+ "(received key id: %d, known key ids: %s)",
+ print_link_socket_actual(from, &gc), key_id,
+ print_key_id(multi, &gc));
 done:
 tls_clear_error(); |
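Review bot: In `ks_auth_name()` the `default:` arm means a value later added to `enum ks_auth_state` will compile without a switch-coverage warning and appear in the key-state dump only as `KS_????`, which is the very field someone debugging an out-of-sync or authentication problem will be reading. Consider dropping `default:` and placing `return "KS_????";` after the switch so `-Wswitch` still flags a missing enumerator, or at least add `/* keep in sync with enum ks_auth_state */` above the function. The enum definition is not part of this diff, so whether other values already exist could not be checked here.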
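Review bot: In the `handle_data_channel_packet()` hunk, the out-of-sync message is produced in response to a received packet, and it now calls `print_key_id(multi, &gc)`, which formats one entry per `KEY_SCAN_SIZE` slot including the remote session id. If this branch is reachable by packets whose key id simply matches no usable key (the message wording suggests so, but the hunk does not show the condition), each such packet now costs more formatting work and a longer log line. It is worth confirming that `D_TLS_ERRORS` output is bounded, for example by `--mute`, on servers exposed to untrusted senders. A short comment above the call such as `/* per-packet diagnostic: volume is bounded only by log muting */` would record that assumption. The function body begins and ends outside the hunk, so how `gc` is released after `done:` is not visible here.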