
List:       openvpn-devel
Subject:    [Openvpn-devel] [PATCH 4/8] Improve keys out of sync message
From:       Arne Schwabe <arne () rfc2549 ! org>
Date:       2020-10-23 12:02:55
Message-ID: 20201023120259.29783-3-arne () rfc2549 ! org

The current message basically lacks the information to actually figure
out why the keys are out of sync. This adds the missing information to
that diagnostic message.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 98ce38f9..79ad322a 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -763,6 +763,22 @@ state_name(int state)
     }
 }
 
+static const char *
+ks_auth_name(enum ks_auth_state auth)
+{
+    switch(auth)
+    {
+    case KS_AUTH_TRUE:
+        return "KS_AUTH_TRUE";
+    case KS_AUTH_DEFERRED:
+        return "KS_AUTH_DEFERRED";
+    case KS_AUTH_FALSE:
+        return "KS_AUTH_FALSE";
+    default:
+        return "KS_????";
+    }
+}
+
 static const char *
 packet_opcode_name(int op)
 {
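Review bot: The fallback string in ks_auth_name's `default:` branch, `"KS_????"`, drops the `KS_AUTH_` prefix that the three named values carry, so an unexpected auth state is easy to miss when searching logs for `KS_AUTH_`; `return "KS_AUTH_????";` would keep the output uniform. The `default:` label also means the compiler's plain enum-switch warning stays silent if a value is later added to `enum ks_auth_state` (the enum definition is outside this hunk, so whether the three cases are exhaustive today is assumed). The new helper has no comment; a line such as `/* Printable name of a key_state authentication status, used in log output. */` above it would help.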
@@ -833,8 +849,9 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
     for (int i = 0; i < KEY_SCAN_SIZE; ++i)
     {
         struct key_state *ks = get_key_scan(multi, i);
-        buf_printf(&out, " [key#%d state=%s id=%d sid=%s]", i,
-                   state_name(ks->state), ks->key_id,
+        buf_printf(&out, " [key#%d state=%s auth=%s id=%d sid=%s]", i,
+                   state_name(ks->state), ks_auth_name(ks->authenticated),
+                   ks->key_id,
                    session_id_print(&ks->session_id_remote, gc));
     }
 
@@ -3331,8 +3348,10 @@ handle_data_channel_packet(struct tls_multi *multi,
     }
 
     msg(D_TLS_ERRORS,
-        "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
-        print_link_socket_actual(from, &gc), key_id);
+        "TLS Error: local/remote TLS keys are out of sync: %s "
+        "(received key id: %d, known key ids: %s)",
+        print_link_socket_actual(from, &gc), key_id,
+        print_key_id(multi, &gc));
 
 done:
     tls_clear_error();
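Review bot: The enlarged "keys out of sync" message is logged for a received packet whose key id matched no known key, and it now appends the full print_key_id listing (state, auth status, key id and remote session id for every key slot). If this branch can be reached by packets that have not been authenticated yet, each such packet costs a much longer log line at D_TLS_ERRORS, so it is worth confirming that message muting or rate limiting bounds the volume; the body of handle_data_channel_packet starts outside this hunk, so that reachability is not visible here. Separately, print_key_id begins every entry with a space (`" [key#%d ..."`), so `known key ids: %s` prints two spaces in a row; `known key ids:%s)` would avoid that.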
-- 
2.26.2


