From 38fe22e4dbe073abb05b6f259c197047bb8041f1 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Sat, 20 Oct 2018 07:54:51 +0800
Subject: [PATCH] openssl: info log with cipher details and tls version

---
 lib/tls/openssl/openssl-client.c |  3 +++
 lib/tls/openssl/openssl-server.c |  5 +++++
 lib/tls/openssl/ssl.c            | 15 +++++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c
index 6931f15a..23a9ffeb 100644
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@@ -21,6 +21,8 @@
 
 #include "core/private.h"
 
+int lws_openssl_describe_cipher(struct lws *wsi);
+
 extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;
 
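Review bot: The prototype `int lws_openssl_describe_cipher(struct lws *wsi);` is hand-declared in this .c file and again in the openssl-server.c hunk, rather than once in a shared header. Because ssl.c defines the function without seeing either copy, a later signature change there would compile cleanly and only misbehave at run time. Declaring it once in a private header would let the compiler check the definition and both call sites against a single declaration. This file already includes `core/private.h`, and ssl.c presumably does too, though that is not visible in the patch.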
@@ -250,6 +252,7 @@ lws_tls_client_connect(struct lws *wsi)
 		lws_role_call_alpn_negotiated(wsi, (const char *)a);
 #endif
 		lwsl_info("client connect OK\n");
+		lws_openssl_describe_cipher(wsi);
 		return LWS_SSL_CAPABLE_DONE;
 	}
 
diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c
index a87c920a..7e23c2e6 100644
--- a/lib/tls/openssl/openssl-server.c
+++ b/lib/tls/openssl/openssl-server.c
@@ -24,6 +24,8 @@
 extern int openssl_websocket_private_data_index,
 	   openssl_SSL_CTX_private_data_index;
 
+int lws_openssl_describe_cipher(struct lws *wsi);
+
 static int
 OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
@@ -479,6 +481,9 @@ lws_tls_server_accept(struct lws *wsi)
 				    __func__, ir.ns.name);
 		else
 			lwsl_info("%s: couldn't get client cert CN\n", __func__);
+
+		lws_openssl_describe_cipher(wsi);
+
 		return LWS_SSL_CAPABLE_DONE;
 	}
 
diff --git a/lib/tls/openssl/ssl.c b/lib/tls/openssl/ssl.c
index b429e7d7..0e847238 100644
--- a/lib/tls/openssl/ssl.c
+++ b/lib/tls/openssl/ssl.c
@@ -25,6 +25,21 @@
 int openssl_websocket_private_data_index,
 	   openssl_SSL_CTX_private_data_index;
 
+int lws_openssl_describe_cipher(struct lws *wsi)
+{
+#if !defined(LWS_WITH_NO_LOGS)
+	int np = -1;
+	SSL *s = wsi->tls.ssl;
+
+	SSL_get_cipher_bits(s, &np);
+	lwsl_info("%s: wsi %p: %s, %s, %d bits, %s\n", __func__, wsi,
+			SSL_get_cipher_name(s), SSL_get_cipher(s), np,
+			SSL_get_cipher_version(s));
+#endif
+
+	return 0;
+}
+
 int lws_ssl_get_error(struct lws *wsi, int n)
 {
 	int m;
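Review bot: The last field logged by `lws_openssl_describe_cipher` comes from `SSL_get_cipher_version(s)`, which in OpenSSL describes the protocol version tied to the cipher suite, not the version negotiated on this connection. A reader checking the log for a peer that settled on an older TLS version can therefore be misled; `SSL_get_version(s)` reports the negotiated protocol. In OpenSSL's headers `SSL_get_cipher_name(s)` and `SSL_get_cipher(s)` expand to the same call, so the cipher name is printed twice. The `np` out-parameter receives the algorithm bits, while the return value of `SSL_get_cipher_bits()` holds the secret bits actually in use. A tighter line would be `lwsl_info("%s: wsi %p: %s, %d bits, %s\n", __func__, wsi, SSL_get_cipher_name(s), SSL_get_cipher_bits(s, NULL), SSL_get_version(s));`, assuming every OpenSSL-compatible backend built from this file accepts a NULL second argument.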
-- 
GitLab