Hi,

On 26/03/2021 18:57, Arne Schwabe wrote:
> This commit cleans up the logic in the function a bit. It also makes it
> more clear that the details printed in the second part of the message are
> details about the peer certificate and not the TLS connection as such.
> Also print the signature algorithm as this might help to identify
> peer certificates that still use SHA1.
>
> The new format for TLS 1.3 and an EC certificate:
>
> Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer
> certificate: 384 bit EC, curve secp384r1, signature: ecdsa-with-SHA256
>
> Using the more generic OpenSSL functions also allows us to correctly
> print details about ED certificates:
>
> Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer
> certificate: 253 bit ED25519, signature: ED25519
>
> Patch v2: Cleanup multiple calls to EVP_PKEY_id, minor code restructuring
>
> Patch v3: Always initialise sig.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>

It looks good now!
Printing of the peer certificate works as expected with both RSA and ECDSA certificates.

Acked-by: Antonio Quartulli <anto...@openvpn.net>

-- 
Antonio Quartulli
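The commit message above notes that printing the signature algorithm can help identify peer certificates that still use SHA1. The following is an added example, not part of the original thread or of OpenVPN's code, that parses the "Control Channel" log line in the format quoted above and flags SHA1-signed peer certificates. The function names, the timestamps and the third sample line (including the `RSA-SHA1` signature name) are assumptions made for illustration.

```python
import re

# Layout taken from the two example lines in the commit message; the
# ", curve <name>" part is optional because only the EC example has it.
LINE_RE = re.compile(
    r"Control Channel: (?P<tls>[^,]+), cipher (?P<cipher>.+?), "
    r"peer certificate: (?P<bits>\d+) bit (?P<keytype>[^,]+)"
    r"(?:, curve (?P<curve>[^,]+))?, signature: (?P<sig>\S+)"
)

# Matches "SHA1" / "sha-1" in a signature name but not SHA256, SHA384, ...
SHA1_RE = re.compile(r"sha-?1(?!\d)", re.IGNORECASE)

# Constructed sample log: the first two bodies are the examples from the
# commit message; the third is a constructed RSA line (assumed format).
SAMPLE_LOG = [
    "2021-03-26 19:01:02 Control Channel: TLSv1.3, cipher TLSv1.3 "
    "TLS_AES_256_GCM_SHA384, peer certificate: 384 bit EC, "
    "curve secp384r1, signature: ecdsa-with-SHA256",
    "2021-03-26 19:01:07 Control Channel: TLSv1.3, cipher TLSv1.3 "
    "TLS_AES_256_GCM_SHA384, peer certificate: 253 bit ED25519, "
    "signature: ED25519",
    "2021-03-26 19:02:30 Control Channel: TLSv1.2, cipher TLSv1.2 "
    "ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, "
    "signature: RSA-SHA1",
]


def parse_line(line):
    """Return the peer certificate details of one log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info["bits"] = int(info["bits"])
    # Only the signature field is tested, so a cipher name that contains
    # "SHA" (e.g. TLS_AES_256_GCM_SHA384) can never trigger the flag.
    info["sha1_signature"] = bool(SHA1_RE.search(info["sig"]))
    return info


def sha1_peers(lines):
    """Return parsed entries whose peer certificate is SHA1-signed."""
    parsed = (parse_line(line) for line in lines)
    return [p for p in parsed if p is not None and p["sha1_signature"]]


if __name__ == "__main__":
    for peer in sha1_peers(SAMPLE_LOG):
        print("SHA1-signed peer certificate:", peer)
```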