@@ -42,6 +42,8 @@ TARGET_LINK_LIBRARIES(ustream-example-server ustream-ssl)
ADD_EXECUTABLE(ustream-example-client ustream-example-client.c)
TARGET_LINK_LIBRARIES(ustream-example-client ustream-ssl)
+TARGET_COMPILE_DEFINITIONS(ustream-ssl PRIVATE $<$<CONFIG:Debug>:DEBUG>)
+
INSTALL(FILES ustream-ssl.h
DESTINATION include/libubox
)
@@ -25,6 +25,10 @@
#include <openssl/x509v3.h>
#endif
+#if defined(HAVE_WOLFSSL) && defined(DEBUG)
+#include <wolfssl/test.h>
+#endif
+
/* Ciphersuite preference:
* - for server, no weak ciphers are used if you use an ECDSA key.
* - forward-secret (pfs), authenticated (AEAD) ciphers are at the top:
@@ -268,6 +272,10 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
X509 *cert;
int res;
+#if defined(HAVE_WOLFSSL) && defined(DEBUG)
+ showPeer(ssl);
+#endif
+
res = SSL_get_verify_result(ssl);
if (res != X509_V_OK) {
if (us->notify_verify_error)
Show detailed information about the session/peer in debug builds: $ wget https://letsencrypt.org Alternate cert chain used issuer : /C=US/O=Let's Encrypt/CN=R3 subject: /CN=lencr.org altname = lencr.org altname = letsencrypt.com altname = letsencrypt.org altname = www.lencr.org altname = www.letsencrypt.com altname = www.letsencrypt.org serial number:03:4e:29:5a:d6:74:ae:fd:51:cd:0d:61:11:f9:e3:e3:bd:88 Certificate: ...snip... our cert info: No Cert Peer verify result = 39 SSL version is TLSv1.3 SSL cipher suite is TLS_AES_256_GCM_SHA384 SSL curve name is SECP256R1 Alternate cert chain used As it makes debugging issues like #9283 easier. Signed-off-by: Petr Štetiar <ynezz@true.cz> --- CMakeLists.txt | 2 ++ ustream-openssl.c | 8 ++++++++ 2 files changed, 10 insertions(+)