Introducing a dedicated debug message group for libtls
authorMartin Willi <martin@revosec.ch>
Fri, 20 Aug 2010 13:57:47 +0000 (15:57 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 23 Aug 2010 07:47:03 +0000 (09:47 +0200)
src/libstrongswan/debug.c
src/libstrongswan/debug.h
src/libtls/tls_crypto.c
src/libtls/tls_fragmentation.c
src/libtls/tls_peer.c
src/libtls/tls_protection.c
src/libtls/tls_reader.c
src/libtls/tls_server.c

index 21a7e63..deb048b 100644 (file)
@@ -27,6 +27,7 @@ ENUM(debug_names, DBG_DMN, DBG_LIB,
        "KNL",
        "NET",
        "ENC",
+       "TLS",
        "LIB",
 );
 
@@ -40,6 +41,7 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
        "knl",
        "net",
        "enc",
+       "tls",
        "lib",
 );
 
index a21111d..e23ceed 100644 (file)
@@ -50,6 +50,8 @@ enum debug_t {
        DBG_NET,
        /** message encoding/decoding */
        DBG_ENC,
+       /** libtls */
+       DBG_TLS,
        /** libstrongswan */
        DBG_LIB,
        /** number of groups */
index f3df497..26e4dfa 100644 (file)
@@ -490,10 +490,10 @@ static void build_cipher_suite_list(private_tls_crypto_t *this,
        this->suite_count = count;
        this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
 
-       DBG2(DBG_CFG, "%d supported TLS cipher suites:", count);
+       DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
        for (i = 0; i < count; i++)
        {
-               DBG2(DBG_CFG, "  %N", tls_cipher_suite_names, suites[i].suite);
+               DBG2(DBG_TLS, "  %N", tls_cipher_suite_names, suites[i].suite);
                this->suites[i] = suites[i].suite;
        }
 }
@@ -515,7 +515,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite)
        algs = find_suite(suite);
        if (!algs)
        {
-               DBG1(DBG_IKE, "selected TLS suite not supported");
+               DBG1(DBG_TLS, "selected TLS suite not supported");
                return FALSE;
        }
 
@@ -530,7 +530,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite)
        }
        if (!this->prf)
        {
-               DBG1(DBG_IKE, "selected TLS PRF not supported");
+               DBG1(DBG_TLS, "selected TLS PRF not supported");
                return FALSE;
        }
 
@@ -540,7 +540,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite)
        this->signer_out = lib->crypto->create_signer(lib->crypto, algs->mac);
        if (!this->signer_in || !this->signer_out)
        {
-               DBG1(DBG_IKE, "selected TLS MAC %N not supported",
+               DBG1(DBG_TLS, "selected TLS MAC %N not supported",
                         integrity_algorithm_names, algs->mac);
                return FALSE;
        }
@@ -559,7 +559,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite)
                                                                                                algs->encr, algs->encr_size);
                if (!this->crypter_in || !this->crypter_out)
                {
-                       DBG1(DBG_IKE, "selected TLS crypter %N not supported",
+                       DBG1(DBG_TLS, "selected TLS crypter %N not supported",
                                 encryption_algorithm_names, algs->encr);
                        return FALSE;
                }
@@ -624,7 +624,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash)
                hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
                if (!hasher)
                {
-                       DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, alg->hash);
+                       DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
                        return FALSE;
                }
                hasher->allocate_hash(hasher, this->handshake, hash);
@@ -638,7 +638,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash)
                md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
                if (!md5)
                {
-                       DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_MD5);
+                       DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
                        return FALSE;
                }
                md5->get_hash(md5, this->handshake, buf);
@@ -646,7 +646,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash)
                sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
                if (!sha1)
                {
-                       DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_SHA1);
+                       DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
                        return FALSE;
                }
                sha1->get_hash(sha1, this->handshake, buf + HASH_SIZE_MD5);
@@ -704,7 +704,7 @@ METHOD(tls_crypto_t, verify_handshake, bool,
                        !reader->read_uint8(reader, &alg) ||
                        !reader->read_data16(reader, &sig))
                {
-                       DBG1(DBG_IKE, "received invalid Certificate Verify");
+                       DBG1(DBG_TLS, "received invalid Certificate Verify");
                        return FALSE;
                }
                /* TODO: map received hash/sig alg to signature scheme */
@@ -720,7 +720,7 @@ METHOD(tls_crypto_t, verify_handshake, bool,
 
                if (!reader->read_data16(reader, &sig))
                {
-                       DBG1(DBG_IKE, "received invalid Certificate Verify");
+                       DBG1(DBG_TLS, "received invalid Certificate Verify");
                        return FALSE;
                }
                if (!hash_handshake(this, &hash))
index 474deae..06e1bcb 100644 (file)
@@ -88,7 +88,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this,
 
                if (reader->remaining(reader) > MAX_TLS_FRAGMENT_LEN)
                {
-                       DBG1(DBG_IKE, "TLS fragment has invalid length");
+                       DBG1(DBG_TLS, "TLS fragment has invalid length");
                        return FAILED;
                }
 
@@ -102,7 +102,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this,
                        this->type = type;
                        if (len > MAX_TLS_HANDSHAKE_LEN)
                        {
-                               DBG1(DBG_IKE, "TLS handshake message exceeds maximum length");
+                               DBG1(DBG_TLS, "TLS handshake message exceeds maximum length");
                                return FAILED;
                        }
                        chunk_free(&this->input);
@@ -124,7 +124,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this,
                if (this->input.len == this->inpos)
                {       /* message completely defragmented, process */
                        msg = tls_reader_create(this->input);
-                       DBG2(DBG_IKE, "received TLS %N message (%u bytes)",
+                       DBG2(DBG_TLS, "received TLS %N message (%u bytes)",
                                 tls_handshake_type_names, this->type, 4 + this->input.len);
                        status = this->handshake->process(this->handshake, this->type, msg);
                        msg->destroy(msg);
@@ -150,7 +150,7 @@ static status_t process_application(private_tls_fragmentation_t *this,
 
                if (reader->remaining(reader) > MAX_TLS_FRAGMENT_LEN)
                {
-                       DBG1(DBG_IKE, "TLS fragment has invalid length");
+                       DBG1(DBG_TLS, "TLS fragment has invalid length");
                        return FAILED;
                }
                status = this->application->process(this->application, reader);
@@ -190,7 +190,7 @@ METHOD(tls_fragmentation_t, process, status_t,
                        status = process_application(this, reader);
                        break;
                default:
-                       DBG1(DBG_IKE, "received unknown TLS content type %d, ignored", type);
+                       DBG1(DBG_TLS, "received unknown TLS content type %d, ignored", type);
                        status = NEED_MORE;
                        break;
        }
@@ -241,7 +241,7 @@ METHOD(tls_fragmentation_t, build, status_t,
                                                hs_data = writer->get_buf(writer);
                                                msg->write_uint8(msg, hs_type);
                                                msg->write_data24(msg, hs_data);
-                                               DBG2(DBG_IKE, "sending TLS %N message (%u bytes)",
+                                               DBG2(DBG_TLS, "sending TLS %N message (%u bytes)",
                                                         tls_handshake_type_names, hs_type, 4 + hs_data.len);
                                                break;
                                        case INVALID_STATE:
index 1bba3b2..09364d5 100644 (file)
@@ -124,7 +124,7 @@ static status_t process_server_hello(private_tls_peer_t *this,
                !reader->read_uint8(reader, &compression) ||
                (reader->remaining(reader) && !reader->read_data16(reader, &ext)))
        {
-               DBG1(DBG_IKE, "received invalid ServerHello");
+               DBG1(DBG_TLS, "received invalid ServerHello");
                return FAILED;
        }
 
@@ -137,11 +137,11 @@ static status_t process_server_hello(private_tls_peer_t *this,
        suite = cipher;
        if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1))
        {
-               DBG1(DBG_IKE, "received TLS cipher suite %N inacceptable",
+               DBG1(DBG_TLS, "received TLS cipher suite %N inacceptable",
                         tls_cipher_suite_names, suite);
                return FAILED;
        }
-       DBG1(DBG_IKE, "negotiated TLS version %N with suite %N",
+       DBG1(DBG_TLS, "negotiated TLS version %N with suite %N",
                 tls_version_names, version, tls_cipher_suite_names, suite);
        this->state = STATE_HELLO_RECEIVED;
        return NEED_MORE;
@@ -181,13 +181,13 @@ static status_t process_certificate(private_tls_peer_t *this,
                        {
                                this->server_auth->add(this->server_auth,
                                                                           AUTH_HELPER_SUBJECT_CERT, cert);
-                               DBG1(DBG_IKE, "received TLS server certificate '%Y'",
+                               DBG1(DBG_TLS, "received TLS server certificate '%Y'",
                                         cert->get_subject(cert));
                                first = FALSE;
                        }
                        else
                        {
-                               DBG1(DBG_IKE, "received TLS intermediate certificate '%Y'",
+                               DBG1(DBG_TLS, "received TLS intermediate certificate '%Y'",
                                         cert->get_subject(cert));
                                this->server_auth->add(this->server_auth,
                                                                           AUTH_HELPER_IM_CERT, cert);
@@ -195,7 +195,7 @@ static status_t process_certificate(private_tls_peer_t *this,
                }
                else
                {
-                       DBG1(DBG_IKE, "parsing TLS certificate failed, skipped");
+                       DBG1(DBG_TLS, "parsing TLS certificate failed, skipped");
                }
        }
        certs->destroy(certs);
@@ -245,12 +245,12 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader)
                                                                          CERT_X509, KEY_ANY, id, TRUE);
                if (cert)
                {
-                       DBG1(DBG_IKE, "received TLS cert request for '%Y", id);
+                       DBG1(DBG_TLS, "received TLS cert request for '%Y", id);
                        this->peer_auth->add(this->peer_auth, AUTH_RULE_CA_CERT, cert);
                }
                else
                {
-                       DBG1(DBG_IKE, "received TLS cert request for unknown CA '%Y'", id);
+                       DBG1(DBG_TLS, "received TLS cert request for unknown CA '%Y'", id);
                }
                id->destroy(id);
        }
@@ -281,17 +281,17 @@ static status_t process_finished(private_tls_peer_t *this, tls_reader_t *reader)
 
        if (!reader->read_data(reader, sizeof(buf), &received))
        {
-               DBG1(DBG_IKE, "received server finished too short");
+               DBG1(DBG_TLS, "received server finished too short");
                return FAILED;
        }
        if (!this->crypto->calculate_finished(this->crypto, "server finished", buf))
        {
-               DBG1(DBG_IKE, "calculating server finished failed");
+               DBG1(DBG_TLS, "calculating server finished failed");
                return FAILED;
        }
        if (!chunk_equals(received, chunk_from_thing(buf)))
        {
-               DBG1(DBG_IKE, "received server finished invalid");
+               DBG1(DBG_TLS, "received server finished invalid");
                return FAILED;
        }
        this->state = STATE_COMPLETE;
@@ -344,11 +344,11 @@ METHOD(tls_handshake_t, process, status_t,
                        expected = TLS_FINISHED;
                        break;
                default:
-                       DBG1(DBG_IKE, "TLS %N not expected in current state",
+                       DBG1(DBG_TLS, "TLS %N not expected in current state",
                                 tls_handshake_type_names, type);
                        return FAILED;
        }
-       DBG1(DBG_IKE, "TLS %N expected, but received %N",
+       DBG1(DBG_TLS, "TLS %N expected, but received %N",
                 tls_handshake_type_names, expected, tls_handshake_type_names, type);
        return FAILED;
 }
@@ -383,11 +383,11 @@ static status_t send_client_hello(private_tls_peer_t *this,
 
        /* add TLS cipher suites */
        count = this->crypto->get_cipher_suites(this->crypto, &suites);
-       DBG2(DBG_IKE, "sending %d TLS cipher suites:", count);
+       DBG2(DBG_TLS, "sending %d TLS cipher suites:", count);
        writer->write_uint16(writer, count * 2);
        for (i = 0; i < count; i++)
        {
-               DBG2(DBG_IKE, "  %N", tls_cipher_suite_names, suites[i]);
+               DBG2(DBG_TLS, "  %N", tls_cipher_suite_names, suites[i]);
                writer->write_uint16(writer, suites[i]);
        }
 
@@ -417,7 +417,7 @@ static status_t send_certificate(private_tls_peer_t *this,
                                                                                KEY_ANY, this->peer, this->peer_auth);
        if (!this->private)
        {
-               DBG1(DBG_IKE, "no TLS peer certificate found for '%Y'", this->peer);
+               DBG1(DBG_TLS, "no TLS peer certificate found for '%Y'", this->peer);
                return FAILED;
        }
 
@@ -428,7 +428,7 @@ static status_t send_certificate(private_tls_peer_t *this,
        {
                if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
                {
-                       DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
+                       DBG1(DBG_TLS, "sending TLS peer certificate '%Y'",
                                 cert->get_subject(cert));
                        certs->write_data24(certs, data);
                        free(data.ptr);
@@ -441,7 +441,7 @@ static status_t send_certificate(private_tls_peer_t *this,
                {
                        if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
                        {
-                               DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+                               DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'",
                                         cert->get_subject(cert));
                                certs->write_data24(certs, data);
                                free(data.ptr);
@@ -476,7 +476,7 @@ static status_t send_key_exchange(private_tls_peer_t *this,
        rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
        if (!rng)
        {
-               DBG1(DBG_IKE, "no suitable RNG found for TLS premaster secret");
+               DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret");
                return FAILED;
        }
        rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
@@ -501,14 +501,14 @@ static status_t send_key_exchange(private_tls_peer_t *this,
        }
        if (!public)
        {
-               DBG1(DBG_IKE, "no TLS public key found for server '%Y'", this->server);
+               DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server);
                return FAILED;
        }
        if (!public->encrypt(public, ENCRYPT_RSA_PKCS1,
                                                 chunk_from_thing(premaster), &encrypted))
        {
                public->destroy(public);
-               DBG1(DBG_IKE, "encrypting TLS premaster secret failed");
+               DBG1(DBG_TLS, "encrypting TLS premaster secret failed");
                return FAILED;
        }
 
@@ -532,7 +532,7 @@ static status_t send_certificate_verify(private_tls_peer_t *this,
        if (!this->private ||
                !this->crypto->sign_handshake(this->crypto, this->private, writer))
        {
-               DBG1(DBG_IKE, "creating TLS Certificate Verify signature failed");
+               DBG1(DBG_TLS, "creating TLS Certificate Verify signature failed");
                return FAILED;
        }
 
@@ -552,7 +552,7 @@ static status_t send_finished(private_tls_peer_t *this,
 
        if (!this->crypto->calculate_finished(this->crypto, "client finished", buf))
        {
-               DBG1(DBG_IKE, "calculating client finished data failed");
+               DBG1(DBG_TLS, "calculating client finished data failed");
                return FAILED;
        }
 
index 107751e..90b30f9 100644 (file)
@@ -116,7 +116,7 @@ METHOD(tls_protection_t, process, status_t,
                {       /* < TLSv1.1 uses IV from key derivation/last block */
                        if (data.len < bs || data.len % bs)
                        {
-                               DBG1(DBG_IKE, "encrypted TLS record length invalid");
+                               DBG1(DBG_TLS, "encrypted TLS record length invalid");
                                return FAILED;
                        }
                        iv = this->iv_in;
@@ -129,7 +129,7 @@ METHOD(tls_protection_t, process, status_t,
                        data = chunk_skip(data, iv.len);
                        if (data.len < bs || data.len % bs)
                        {
-                               DBG1(DBG_IKE, "encrypted TLS record length invalid");
+                               DBG1(DBG_TLS, "encrypted TLS record length invalid");
                                return FAILED;
                        }
                }
@@ -144,7 +144,7 @@ METHOD(tls_protection_t, process, status_t,
                padding_length = data.ptr[data.len - 1];
                if (padding_length >= data.len)
                {
-                       DBG1(DBG_IKE, "invalid TLS record padding");
+                       DBG1(DBG_TLS, "invalid TLS record padding");
                        return FAILED;
                }
                data.len -= padding_length + 1;
@@ -157,7 +157,7 @@ METHOD(tls_protection_t, process, status_t,
                bs = this->signer_in->get_block_size(this->signer_in);
                if (data.len <= bs)
                {
-                       DBG1(DBG_IKE, "TLS record too short to verify MAC");
+                       DBG1(DBG_TLS, "TLS record too short to verify MAC");
                        return FAILED;
                }
                mac = chunk_skip(data, data.len - bs);
@@ -168,7 +168,7 @@ METHOD(tls_protection_t, process, status_t,
                macdata = chunk_cat("mc", header, data);
                if (!this->signer_in->verify_signature(this->signer_in, macdata, mac))
                {
-                       DBG1(DBG_IKE, "TLS record MAC verification failed");
+                       DBG1(DBG_TLS, "TLS record MAC verification failed");
                        free(macdata.ptr);
                        return FAILED;
                }
@@ -228,7 +228,7 @@ METHOD(tls_protection_t, build, status_t,
                                {       /* TLSv1.1 uses random IVs, prepended to record */
                                        if (!this->rng)
                                        {
-                                               DBG1(DBG_IKE, "no RNG supported to generate TLS IV");
+                                               DBG1(DBG_TLS, "no RNG supported to generate TLS IV");
                                                free(data->ptr);
                                                return FAILED;
                                        }
index ee537be..17ec68f 100644 (file)
@@ -52,7 +52,7 @@ METHOD(tls_reader_t, read_uint8, bool,
 {
        if (this->buf.len < 1)
        {
-               DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data",
+               DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
                         this->buf.len, 8);
                return FALSE;
        }
@@ -66,7 +66,7 @@ METHOD(tls_reader_t, read_uint16, bool,
 {
        if (this->buf.len < 2)
        {
-               DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data",
+               DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
                         this->buf.len, 16);
                return FALSE;
        }
@@ -80,7 +80,7 @@ METHOD(tls_reader_t, read_uint24, bool,
 {
        if (this->buf.len < 3)
        {
-               DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data",
+               DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
                         this->buf.len, 24);
                return FALSE;
        }
@@ -94,7 +94,7 @@ METHOD(tls_reader_t, read_uint32, bool,
 {
        if (this->buf.len < 4)
        {
-               DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data",
+               DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data",
                         this->buf.len, 32);
                return FALSE;
        }
@@ -108,7 +108,7 @@ METHOD(tls_reader_t, read_data, bool,
 {
        if (this->buf.len < len)
        {
-               DBG1(DBG_IKE, "%d bytes insufficient to parse %d bytes TLS data",
+               DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data",
                         this->buf.len, len);
                return FALSE;
        }
index 763afc9..18aa09d 100644 (file)
@@ -131,7 +131,7 @@ static status_t process_client_hello(private_tls_server_t *this,
                !reader->read_data8(reader, &compression) ||
                (reader->remaining(reader) && !reader->read_data16(reader, &ext)))
        {
-               DBG1(DBG_IKE, "received invalid ClientHello");
+               DBG1(DBG_TLS, "received invalid ClientHello");
                return FAILED;
        }
 
@@ -144,19 +144,19 @@ static status_t process_client_hello(private_tls_server_t *this,
 
        count = ciphers.len / sizeof(u_int16_t);
        suites = alloca(count * sizeof(tls_cipher_suite_t));
-       DBG2(DBG_IKE, "received %d TLS cipher suites:", count);
+       DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
        for (i = 0; i < count; i++)
        {
                suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]);
-               DBG2(DBG_IKE, "  %N", tls_cipher_suite_names, suites[i]);
+               DBG2(DBG_TLS, "  %N", tls_cipher_suite_names, suites[i]);
        }
        this->suite = this->crypto->select_cipher_suite(this->crypto, suites, count);
        if (!this->suite)
        {
-               DBG1(DBG_IKE, "received cipher suites inacceptable");
+               DBG1(DBG_TLS, "received cipher suites inacceptable");
                return FAILED;
        }
-       DBG1(DBG_IKE, "negotiated TLS version %N with suite %N",
+       DBG1(DBG_TLS, "negotiated TLS version %N with suite %N",
                 tls_version_names, version, tls_cipher_suite_names, this->suite);
        this->state = STATE_HELLO_RECEIVED;
        return NEED_MORE;
@@ -196,20 +196,20 @@ static status_t process_certificate(private_tls_server_t *this,
                        {
                                this->peer_auth->add(this->peer_auth,
                                                                         AUTH_HELPER_SUBJECT_CERT, cert);
-                               DBG1(DBG_IKE, "received TLS peer certificate '%Y'",
+                               DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
                                         cert->get_subject(cert));
                                first = FALSE;
                        }
                        else
                        {
-                               DBG1(DBG_IKE, "received TLS intermediate certificate '%Y'",
+                               DBG1(DBG_TLS, "received TLS intermediate certificate '%Y'",
                                         cert->get_subject(cert));
                                this->peer_auth->add(this->peer_auth, AUTH_HELPER_IM_CERT, cert);
                        }
                }
                else
                {
-                       DBG1(DBG_IKE, "parsing TLS certificate failed, skipped");
+                       DBG1(DBG_TLS, "parsing TLS certificate failed, skipped");
                }
        }
        certs->destroy(certs);
@@ -230,7 +230,7 @@ static status_t process_key_exchange(private_tls_server_t *this,
 
        if (!reader->read_data16(reader, &encrypted))
        {
-               DBG1(DBG_IKE, "received invalid Client Key Exchange");
+               DBG1(DBG_TLS, "received invalid Client Key Exchange");
                return FAILED;
        }
 
@@ -238,7 +238,7 @@ static status_t process_key_exchange(private_tls_server_t *this,
                !this->private->decrypt(this->private, ENCRYPT_RSA_PKCS1,
                                                                encrypted, &premaster))
        {
-               DBG1(DBG_IKE, "decrypting Client Key Exchange data failed");
+               DBG1(DBG_TLS, "decrypting Client Key Exchange data failed");
                return FAILED;
        }
        this->crypto->derive_secrets(this->crypto, premaster,
@@ -273,13 +273,13 @@ static status_t process_cert_verify(private_tls_server_t *this,
                {
                        break;
                }
-               DBG1(DBG_IKE, "signature verification failed, trying another key");
+               DBG1(DBG_TLS, "signature verification failed, trying another key");
        }
        enumerator->destroy(enumerator);
 
        if (!verified)
        {
-               DBG1(DBG_IKE, "no trusted certificate found for '%Y' to verify TLS peer",
+               DBG1(DBG_TLS, "no trusted certificate found for '%Y' to verify TLS peer",
                         this->peer);
                return FAILED;
        }
@@ -301,17 +301,17 @@ static status_t process_finished(private_tls_server_t *this,
 
        if (!reader->read_data(reader, sizeof(buf), &received))
        {
-               DBG1(DBG_IKE, "received client finished too short");
+               DBG1(DBG_TLS, "received client finished too short");
                return FAILED;
        }
        if (!this->crypto->calculate_finished(this->crypto, "client finished", buf))
        {
-               DBG1(DBG_IKE, "calculating client finished failed");
+               DBG1(DBG_TLS, "calculating client finished failed");
                return FAILED;
        }
        if (!chunk_equals(received, chunk_from_thing(buf)))
        {
-               DBG1(DBG_IKE, "received client finished invalid");
+               DBG1(DBG_TLS, "received client finished invalid");
                return FAILED;
        }
 
@@ -374,11 +374,11 @@ METHOD(tls_handshake_t, process, status_t,
                        expected = TLS_FINISHED;
                        break;
                default:
-                       DBG1(DBG_IKE, "TLS %N not expected in current state",
+                       DBG1(DBG_TLS, "TLS %N not expected in current state",
                                 tls_handshake_type_names, type);
                        return FAILED;
        }
-       DBG1(DBG_IKE, "TLS %N expected, but received %N",
+       DBG1(DBG_TLS, "TLS %N expected, but received %N",
                 tls_handshake_type_names, expected, tls_handshake_type_names, type);
        return FAILED;
 }
@@ -410,7 +410,7 @@ static status_t send_server_hello(private_tls_server_t *this,
        writer->write_data8(writer, chunk_empty);
 
        /* add selected TLS cipher suite */
-       DBG2(DBG_IKE, "sending TLS cipher suite: %N",
+       DBG2(DBG_TLS, "sending TLS cipher suite: %N",
                 tls_cipher_suite_names, this->suite);
        writer->write_uint16(writer, this->suite);
 
@@ -439,7 +439,7 @@ static status_t send_certificate(private_tls_server_t *this,
                                                                        KEY_ANY, this->server, this->server_auth);
        if (!this->private)
        {
-               DBG1(DBG_IKE, "no TLS server certificate found for '%Y'", this->server);
+               DBG1(DBG_TLS, "no TLS server certificate found for '%Y'", this->server);
                return FAILED;
        }
 
@@ -450,7 +450,7 @@ static status_t send_certificate(private_tls_server_t *this,
        {
                if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
                {
-                       DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
+                       DBG1(DBG_TLS, "sending TLS server certificate '%Y'",
                                 cert->get_subject(cert));
                        certs->write_data24(certs, data);
                        free(data.ptr);
@@ -463,7 +463,7 @@ static status_t send_certificate(private_tls_server_t *this,
                {
                        if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
                        {
-                               DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+                               DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'",
                                         cert->get_subject(cert));
                                certs->write_data24(certs, data);
                                free(data.ptr);
@@ -510,7 +510,7 @@ static status_t send_certificate_request(private_tls_server_t *this,
                if (x509->get_flags(x509) & X509_CA)
                {
                        id = cert->get_subject(cert);
-                       DBG1(DBG_IKE, "sending TLS cert request for '%Y'", id);
+                       DBG1(DBG_TLS, "sending TLS cert request for '%Y'", id);
                        authorities->write_data16(authorities, id->get_encoding(id));
                }
        }
@@ -546,7 +546,7 @@ static status_t send_finished(private_tls_server_t *this,
 
        if (!this->crypto->calculate_finished(this->crypto, "server finished", buf))
        {
-               DBG1(DBG_IKE, "calculating server finished data failed");
+               DBG1(DBG_TLS, "calculating server finished data failed");
                return FAILED;
        }