The tables to convert extension IDs and compression methods to humanly readable names are not available outside ssl/t1_trace.c. SSL_trace() itself produces reams of helpful information as handshakes progress, and is particularly useful for dealing with encrypted handshakes, where wireshark et al don't provide useful output. What is the rationale for ssl-trace to be disabled by default? Was it purely to keep binary sizes down, or was there a security aspect to the decision? -Arran
Attachment:
signature.asc
Description: Message signed with OpenPGP
