openssl: skip trace outputs for ssl_ver == 0
The OpenSSL trace callback is wonderfully undocumented, but after a journey through the source code it seems the cases where ssl_ver is zero don't follow the same pattern, and the resulting output turned out confusing and misleading. For now, we skip doing any CURLINFO_TEXT logging on those but keep sending them as CURLINFO_SSL_DATA_OUT/IN. Also, I added direction to the text info and I edited some functions slightly. Bug: https://github.com/bagder/curl/issues/219 Reported-by: Jay Satiro, Ashish Shukla
parent
3c104448d6
commit
690317aae2
@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
||||
return "Client hello";
|
||||
case SSL3_MT_SERVER_HELLO:
|
||||
return "Server hello";
|
||||
case SSL3_MT_NEWSESSION_TICKET:
|
||||
return "Newsession Ticket";
|
||||
case SSL3_MT_CERTIFICATE:
|
||||
return "CERT";
|
||||
return "Certificate";
|
||||
case SSL3_MT_SERVER_KEY_EXCHANGE:
|
||||
return "Server key exchange";
|
||||
case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
||||
@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
||||
return "CERT verify";
|
||||
case SSL3_MT_FINISHED:
|
||||
return "Finished";
|
||||
#ifdef SSL3_MT_CERTIFICATE_STATUS
|
||||
case SSL3_MT_CERTIFICATE_STATUS:
|
||||
return "Certificate Status";
|
||||
#endif
|
||||
}
|
||||
}
|
||||
return "Unknown";
|
||||
@ -1508,12 +1514,20 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
||||
|
||||
static const char *tls_rt_type(int type)
|
||||
{
|
||||
return (
|
||||
type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
|
||||
type == SSL3_RT_ALERT ? "TLS alert, " :
|
||||
type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
|
||||
type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
|
||||
"TLS Unknown, ");
|
||||
switch(type) {
|
||||
case SSL3_RT_HEADER:
|
||||
return "TLS header";
|
||||
case SSL3_RT_CHANGE_CIPHER_SPEC:
|
||||
return "TLS change cipher";
|
||||
case SSL3_RT_ALERT:
|
||||
return "TLS alert";
|
||||
case SSL3_RT_HANDSHAKE:
|
||||
return "TLS handshake";
|
||||
case SSL3_RT_APPLICATION_DATA:
|
||||
return "TLS app data";
|
||||
default:
|
||||
return "TLS Unknown";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1538,8 +1552,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
||||
data = conn->data;
|
||||
|
||||
switch(ssl_ver) {
|
||||
#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */
|
||||
case SSL2_VERSION_MAJOR:
|
||||
#ifdef SSL2_VERSION /* removed in recent versions */
|
||||
case SSL2_VERSION:
|
||||
verstr = "SSLv2";
|
||||
break;
|
||||
#endif
|
||||
@ -1561,29 +1575,36 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
||||
verstr = "TLSv1.2";
|
||||
break;
|
||||
#endif
|
||||
case 0:
|
||||
break;
|
||||
default:
|
||||
snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
||||
verstr = unknown;
|
||||
break;
|
||||
}
|
||||
|
||||
ssl_ver >>= 8; /* check the upper 8 bits only below */
|
||||
if(ssl_ver) {
|
||||
/* the info given when the version is zero is not that useful for us */
|
||||
|
||||
/* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
||||
* always pass-up content-type as 0. But the interesting message-type
|
||||
* is at 'buf[0]'.
|
||||
*/
|
||||
if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
|
||||
tls_rt_name = tls_rt_type(content_type);
|
||||
else
|
||||
tls_rt_name = "";
|
||||
ssl_ver >>= 8; /* check the upper 8 bits only below */
|
||||
|
||||
msg_type = *(char*)buf;
|
||||
msg_name = ssl_msg_type(ssl_ver, msg_type);
|
||||
/* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
||||
* always pass-up content-type as 0. But the interesting message-type
|
||||
* is at 'buf[0]'.
|
||||
*/
|
||||
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
||||
tls_rt_name = tls_rt_type(content_type);
|
||||
else
|
||||
tls_rt_name = "";
|
||||
|
||||
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n",
|
||||
verstr, tls_rt_name, msg_name, msg_type);
|
||||
Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
||||
msg_type = *(char*)buf;
|
||||
msg_name = ssl_msg_type(ssl_ver, msg_type);
|
||||
|
||||
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
||||
verstr, direction?"OUT":"IN",
|
||||
tls_rt_name, msg_name, msg_type);
|
||||
Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
||||
}
|
||||
|
||||
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
||||
CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
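Review bot: The new `if(ssl_ver)` block in ssl_tls_trace still reads `*(char*)buf` without looking at `len` and through plain `char`, so a zero-length callback would read a byte that is not part of the message, and a type byte above 127 turns negative on signed-char platforms before it reaches `ssl_msg_type()` and the `%d`. I would guard the text branch with `if(ssl_ver && len) {` and read the byte as `msg_type = *(const unsigned char *)buf;`. Whether OpenSSL ever invokes the callback with `len == 0` is not visible here, so treat the guard as defensive. Separately, the new format string `"%s (%s), %s, %s (%d):\n"` prints an empty field and a stray comma whenever `tls_rt_name` is `""`, which is the SSLv2 path the comment describes. The function's opening and the declarations of `ssl_buf` and `unknown` are outside the hunk.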
|
||||
|