From Ivan Sy:
Add a more descriptive log message on DH key exchange. svn path=/trunk/; revision=29825
This commit is contained in:
parent
0fb1a3eca3
commit
564eff837f
|
@ -1801,10 +1801,14 @@ ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
|
||||||
{
|
{
|
||||||
gint i;
|
gint i;
|
||||||
|
|
||||||
if(ssl_session->cipher_suite.kex!=KEX_RSA) {
|
if(ssl_session->cipher_suite.kex == KEX_DH) {
|
||||||
ssl_debug_printf("ssl_decrypt_pre_master_secret key %d different from KEX_RSA(%d)\n",
|
ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n",
|
||||||
|
KEX_DH);
|
||||||
|
return -1;
|
||||||
|
} else if(ssl_session->cipher_suite.kex != KEX_RSA) {
|
||||||
|
ssl_debug_printf("ssl_decrypt_pre_master_secret key exchange %d different from KEX_RSA (%d)\n",
|
||||||
ssl_session->cipher_suite.kex, KEX_RSA);
|
ssl_session->cipher_suite.kex, KEX_RSA);
|
||||||
return(-1);
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* with tls key loading will fail if not rsa type, so no need to check*/
|
/* with tls key loading will fail if not rsa type, so no need to check*/
|
||||||
|
|
Loading…
Reference in New Issue