Make .status more verbose about TLS

Found by: michaelortmann Patch by: michaelortmann Some TLS libs do not have MD5 or Elliptic Curve support enabled in them for various reasons (export control or patent issues for example). This restricts some of the available choices when it comes to things like SASL authentication. Adding this to .status to make troubleshooting a little easier should a user encounter issues.
eggheads · Jul 6, 2020 · c2befba · c2befba
1 parent 09a24ee
commit c2befba
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/src/chanprog.c b/src/chanprog.c
@@ -360,17 +360,26 @@ void tell_verbose_status(int idx)
   if (tcl_threaded())
     dprintf(idx, "Tcl is threaded.\n");
 #ifdef TLS
-  dprintf(idx, "TLS support is enabled.\n");
-  dprintf(idx, "TLS library: %s\n", SSLeay_version(SSLEAY_VERSION));
+  dprintf(idx, "TLS support is enabled.\n"
+  #if defined HAVE_EVP_PKEY_GET1_EC_KEY && defined HAVE_OPENSSL_MD5
+               "TLS library: %s\n",
+  #elif !defined HAVE_EVP_PKEY_GET1_EC_KEY && defined HAVE_OPENSSL_MD5
+               "TLS library: %s\n             (no elliptic curve support)\n",
+  #elif defined HAVE_EVP_PKEY_GET1_EC_KEY && !defined HAVE_OPENSSL_MD5
+               "TLS library: %s\n             (no MD5 support)\n",
+  #elif !defined HAVE_EVP_PKEY_GET1_EC_KEY && !defined HAVE_OPENSSL_MD5
+               "TLS library: %s\n             (no elliptic curve or MD5 support)\n",
+  #endif
+          SSLeay_version(SSLEAY_VERSION));
 #else
   dprintf(idx, "TLS support is not available.\n");
 #endif
 #ifdef IPV6
-  dprintf(idx, "IPv6 support is enabled.\n");
+  dprintf(idx, "IPv6 support is enabled.\n"
 #else
-  dprintf(idx, "IPv6 support is not available.\n");
+  dprintf(idx, "IPv6 support is not available.\n"
 #endif
-  dprintf(idx, "Socket table: %d/%d\n", threaddata()->MAXSOCKS, max_socks);
+               "Socket table: %d/%d\n", threaddata()->MAXSOCKS, max_socks);
 }
 
 /* Show all internal state variables