Unify connection established print

CMakeLists.txt

@@ -768,7 +768,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1022")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1023")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)

cmake/tls12_commands.cmake

@@ -25,7 +25,7 @@ execute_process(
 )
 
 execute_process(
-	COMMAND bash -c "nohup bin/gmssl tls12_server -port ${TLS12_TEST_PORT} -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd > tls12_server.log 2>&1 &"
+	COMMAND bash -c "nohup bin/gmssl tls12_server -port ${TLS12_TEST_PORT} -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 > tls12_server.log 2>&1 &"
 	RESULT_VARIABLE SERVER_RESULT
 	TIMEOUT 5
 )
@@ -36,7 +36,7 @@ endif()
 execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
 
 execute_process(
-	COMMAND bash -c "bin/gmssl tls12_client -host localhost -port ${TLS12_TEST_PORT} -cacert rootcacert.pem < /dev/null > tls12_client.log 2>&1 &"
+	COMMAND bash -c "bin/gmssl tls12_client -host localhost -port ${TLS12_TEST_PORT} -cacert rootcacert.pem -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 < /dev/null > tls12_client.log 2>&1 &"
 	RESULT_VARIABLE CLIENT_RESULT
 	TIMEOUT 5
 )

cmake/tls13_commands.cmake

@@ -41,7 +41,7 @@ set(FOUND_INDEX -1)
 foreach(i RANGE 1 15)
 	if(EXISTS "tls13_client.log")
 		file(READ "tls13_client.log" CLIENT_LOG_CONTENT)
-		string(FIND "${CLIENT_LOG_CONTENT}" "connected" FOUND_INDEX)
+		string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
 		if(NOT ${FOUND_INDEX} EQUAL -1)
 			break()
 		endif()

include/gmssl/tls.h

@@ -75,6 +75,8 @@ typedef enum {
 	TLS_protocol_dtls12			= 0xfefd, // {254, 253}
 } TLS_PROTOCOL;
 
+#define TLS_CONNECTION_ESTABLISHED_STRING "Connection established"
+
 const char *tls_protocol_name(int proto);
 int tls_protocol_from_name(const char *name);
 
@@ -1516,6 +1518,7 @@ int tls13_recv_key_update(TLS_CONNECT *conn);
 void tls_clean_record(TLS_CONNECT *conn);
 
 int tls_print_record(FILE *fp, int fmt, int ind, const char *label, TLS_CONNECT *conn);
+int tls_connect_print(FILE *fp, int fmt, int ind, const char *label, const TLS_CONNECT *conn);
 
 int tls_init(TLS_CONNECT *conn, TLS_CTX *ctx);
 int tls_set_verbose(TLS_CONNECT *conn, int verbose);

include/gmssl/version.h

@@ -19,7 +19,7 @@ extern "C" {
 
 // Also update CPACK_PACKAGE_VERSION in CMakeLists.txt
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1022"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1023"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

src/tlcp.c

@@ -1213,11 +1213,6 @@ int tlcp_recv_server_finished(TLS_CONNECT *conn)
 		return -1;
 	}
 
-	if(conn->verbose)
-		fprintf(stderr, "Connection established!\n");
-
-
-
 	return 1;
 }
 

src/tls12.c

@@ -3545,9 +3545,6 @@ int tls_recv_server_finished(TLS_CONNECT *conn)
 		return -1;
 	}
 
-	if(conn->verbose)
-		fprintf(stderr, "Connection established!\n");
-
 	return 1;
 }
 

src/tls_trace.c

@@ -1089,6 +1089,44 @@ int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, in
 // supported_versions 的格式由handshake_type 是否为ClientHello, ServerHello 决定
 // record中是包含这个信息的，但是在exts中没有这个信息
 
+int tls_connect_print(FILE *fp, int fmt, int ind, const char *label, const TLS_CONNECT *conn)
+{
+	const uint8_t *cert;
+	size_t certlen;
+	const uint8_t *name;
+	size_t namelen;
+
+	if (!fp || !conn) {
+		error_print();
+		return -1;
+	}
+
+	if (label) {
+		format_print(fp, fmt, ind, "%s\n", label);
+		ind += 4;
+	}
+
+	format_print(fp, fmt, ind, "%s\n", TLS_CONNECTION_ESTABLISHED_STRING);
+	format_print(fp, fmt, ind, "Protocol: %s\n", tls_protocol_name(conn->protocol));
+	format_print(fp, fmt, ind, "Cipher suite: %s\n", tls_cipher_suite_name(conn->cipher_suite));
+	if (conn->alpn_selected) {
+		format_print(fp, fmt, ind, "ALPN protocol: %s\n", conn->alpn_selected);
+	}
+
+	if (conn->peer_cert_chain_len
+		&& x509_certs_get_cert_by_index(conn->peer_cert_chain,
+			conn->peer_cert_chain_len, 0, &cert, &certlen) == 1) {
+		if (x509_cert_get_subject(cert, certlen, &name, &namelen) == 1) {
+			x509_name_print(fp, fmt, ind, "Peer certificate subject", name, namelen);
+		}
+		if (x509_cert_get_issuer(cert, certlen, &name, &namelen) == 1) {
+			x509_name_print(fp, fmt, ind, "Peer certificate issuer", name, namelen);
+		}
+	}
+
+	return 1;
+}
+
 int tls_print_record(FILE *fp, int fmt, int ind, const char *label, TLS_CONNECT *conn)
 {
 	tls_record_print(fp, conn->record, conn->recordlen, fmt, ind);

tools/tlcp_client.c

@@ -505,6 +505,7 @@ bad:
 		fprintf(stderr, "%s: error\n", prog);
 		goto end;
 	}
+	tls_connect_print(stderr, 0, 0, NULL, &conn);
 
 	if (certoutfile) {
 		FILE *certoutfp;

tools/tls12_client.c

@@ -491,6 +491,7 @@ bad:
 		fprintf(stderr, "%s: error\n", prog);
 		goto end;
 	}
+	tls_connect_print(stderr, 0, 0, NULL, &conn);
 
 	if (get) {
 		snprintf(buf, sizeof(buf), "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n", get, host);

tools/tls13_client.c

@@ -823,7 +823,7 @@ bad:
 		goto end;
 	}
 
-	fprintf(stderr, "connected\n");
+	tls_connect_print(stderr, 0, 0, NULL, &conn);
 	fprintf(stderr, "\n");
 
 	if (get) {