Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a24351e..736eac6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1044,6 +1044,9 @@
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+ SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+ ssl->out_msg, ssl->out_msglen );
+
/*
* Add MAC before encrypt, except for AEAD modes
*/
@@ -1102,9 +1105,6 @@
"including %d bytes of padding",
ssl->out_msglen, 0 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen,
@@ -1185,9 +1185,6 @@
"including %d bytes of padding",
ssl->out_msglen, 0 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
-
/*
* Encrypt and authenticate
*/
@@ -1268,9 +1265,6 @@
ssl->out_msglen, ssl->transform_out->ivlen,
padlen + 1 ) );
- SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_iv, ssl->out_msglen );
-
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen,