openssl: skip trace outputs for ssl_ver == 0
The OpenSSL trace callback is wonderfully undocumented but given a journey in the source code, it seems the cases where ssl_ver is zero don't follow the same pattern and thus turned out confusing and misleading. For now, we skip doing any CURLINFO_TEXT logging on those but keep sending them as CURLINFO_SSL_DATA_OUT/IN. Also, I added direction to the text info and I edited some functions slightly. Bug: https://github.com/bagder/curl/issues/219 Reported-by: Jay Satiro, Ashish Shukla
parent
3c104448d6
commit
690317aae2
@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
|||||||
return "Client hello";
|
return "Client hello";
|
||||||
case SSL3_MT_SERVER_HELLO:
|
case SSL3_MT_SERVER_HELLO:
|
||||||
return "Server hello";
|
return "Server hello";
|
||||||
|
case SSL3_MT_NEWSESSION_TICKET:
|
||||||
|
return "Newsession Ticket";
|
||||||
case SSL3_MT_CERTIFICATE:
|
case SSL3_MT_CERTIFICATE:
|
||||||
return "CERT";
|
return "Certificate";
|
||||||
case SSL3_MT_SERVER_KEY_EXCHANGE:
|
case SSL3_MT_SERVER_KEY_EXCHANGE:
|
||||||
return "Server key exchange";
|
return "Server key exchange";
|
||||||
case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
||||||
@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
|||||||
return "CERT verify";
|
return "CERT verify";
|
||||||
case SSL3_MT_FINISHED:
|
case SSL3_MT_FINISHED:
|
||||||
return "Finished";
|
return "Finished";
|
||||||
|
#ifdef SSL3_MT_CERTIFICATE_STATUS
|
||||||
|
case SSL3_MT_CERTIFICATE_STATUS:
|
||||||
|
return "Certificate Status";
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return "Unknown";
|
return "Unknown";
|
||||||
@ -1508,12 +1514,20 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
|
|||||||
|
|
||||||
static const char *tls_rt_type(int type)
|
static const char *tls_rt_type(int type)
|
||||||
{
|
{
|
||||||
return (
|
switch(type) {
|
||||||
type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
|
case SSL3_RT_HEADER:
|
||||||
type == SSL3_RT_ALERT ? "TLS alert, " :
|
return "TLS header";
|
||||||
type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
|
case SSL3_RT_CHANGE_CIPHER_SPEC:
|
||||||
type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
|
return "TLS change cipher";
|
||||||
"TLS Unknown, ");
|
case SSL3_RT_ALERT:
|
||||||
|
return "TLS alert";
|
||||||
|
case SSL3_RT_HANDSHAKE:
|
||||||
|
return "TLS handshake";
|
||||||
|
case SSL3_RT_APPLICATION_DATA:
|
||||||
|
return "TLS app data";
|
||||||
|
default:
|
||||||
|
return "TLS Unknown";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1538,8 +1552,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
|||||||
data = conn->data;
|
data = conn->data;
|
||||||
|
|
||||||
switch(ssl_ver) {
|
switch(ssl_ver) {
|
||||||
#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */
|
#ifdef SSL2_VERSION /* removed in recent versions */
|
||||||
case SSL2_VERSION_MAJOR:
|
case SSL2_VERSION:
|
||||||
verstr = "SSLv2";
|
verstr = "SSLv2";
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
@ -1561,29 +1575,36 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
|||||||
verstr = "TLSv1.2";
|
verstr = "TLSv1.2";
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
case 0:
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
||||||
verstr = unknown;
|
verstr = unknown;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_ver >>= 8; /* check the upper 8 bits only below */
|
if(ssl_ver) {
|
||||||
|
/* the info given when the version is zero is not that useful for us */
|
||||||
|
|
||||||
/* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
ssl_ver >>= 8; /* check the upper 8 bits only below */
|
||||||
* always pass-up content-type as 0. But the interesting message-type
|
|
||||||
* is at 'buf[0]'.
|
|
||||||
*/
|
|
||||||
if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
|
|
||||||
tls_rt_name = tls_rt_type(content_type);
|
|
||||||
else
|
|
||||||
tls_rt_name = "";
|
|
||||||
|
|
||||||
msg_type = *(char*)buf;
|
/* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
||||||
msg_name = ssl_msg_type(ssl_ver, msg_type);
|
* always pass-up content-type as 0. But the interesting message-type
|
||||||
|
* is at 'buf[0]'.
|
||||||
|
*/
|
||||||
|
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
||||||
|
tls_rt_name = tls_rt_type(content_type);
|
||||||
|
else
|
||||||
|
tls_rt_name = "";
|
||||||
|
|
||||||
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n",
|
msg_type = *(char*)buf;
|
||||||
verstr, tls_rt_name, msg_name, msg_type);
|
msg_name = ssl_msg_type(ssl_ver, msg_type);
|
||||||
Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
|
||||||
|
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
||||||
|
verstr, direction?"OUT":"IN",
|
||||||
|
tls_rt_name, msg_name, msg_type);
|
||||||
|
Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
||||||
CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
|
CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
|
||||||
|
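Review bot: In the last hunk of ssl_tls_trace, `msg_name = ssl_msg_type(ssl_ver, msg_type);` runs for every content type, so the first byte of an alert, change-cipher-spec or application-data record is looked up in the handshake message table. The CURLINFO_TEXT line can then name a handshake message that was never sent, which misleads anyone reading the trace during troubleshooting or incident analysis. I would decode the name only when the byte really is a message type, e.g. `msg_name = (!content_type || content_type == SSL3_RT_HANDSHAKE) ? ssl_msg_type(ssl_ver, msg_type) : "";`. The byte is also read with `*(char*)buf` without consulting `len` and through a possibly signed char; `msg_type = len ? *(const unsigned char *)buf : 0;` avoids both. The function starts above the hunk, so a length check may already exist there that is not visible here.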