Initial record tracing code. Print out all fields in SSL/TLS records

for debugging purposes. Needs "enable-ssl-trace" configuration option.

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Initial SSL tracing code. This parses out SSL/TLS records using the
+     message callback and prints the results. Needs compile time option
+     "enable-ssl-trace". New options to s_client and s_server to enable
+     tracing.
+     [Steve Henson]
+
   *) New functions to retrieve certificate signature and signature
      OID NID.
      [Steve Henson]

Configure

@@ -715,6 +715,7 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
+		 "ssl-trace"	  => "default",
 		 "store"	  => "experimental",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"

apps/s_client.c

@@ -217,6 +217,7 @@ static int ocsp_resp_cb(SSL *s, void *arg);
 static int audit_proof_cb(SSL *s, void *arg);
 #endif
 static BIO *bio_c_out=NULL;
+static BIO *bio_c_msg=NULL;
 static int c_quiet=0;
 static int c_ign_eof=0;
 
@@ -743,6 +744,15 @@ int MAIN(int argc, char **argv)
 #endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
+		else if	(strcmp(*argv,"-msgfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bio_c_msg = BIO_new_file(*(++argv), "w");
+			}
+#ifndef OPENSSL_NO_SSL_TRACE
+		else if	(strcmp(*argv,"-trace") == 0)
+			c_msg=2;
+#endif
 		else if	(strcmp(*argv,"-showcerts") == 0)
 			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
@@ -1348,8 +1358,13 @@ re_start:
 		}
 	if (c_msg)
 		{
+#ifndef OPENSSL_NO_SSL_TRACE
+		if (c_msg == 2)
+			SSL_set_msg_callback(con, SSL_trace);
+		else
+#endif
 			SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_c_out);
+		SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
 		}
 #ifndef OPENSSL_NO_TLSEXT
 	if (c_tlsextdebug)
@@ -1926,6 +1941,11 @@ end:
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
+	if (bio_c_msg != NULL)
+		{
+		BIO_free(bio_c_msg);
+		bio_c_msg=NULL;
+		}
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}

apps/s_server.c

@@ -288,6 +288,7 @@ static SSL_CTX *ctx2=NULL;
 static int www=0;
 
 static BIO *bio_s_out=NULL;
+static BIO *bio_s_msg = NULL;
 static int s_debug=0;
 #ifndef OPENSSL_NO_TLSEXT
 static int s_tlsextdebug=0;
@@ -1207,6 +1208,15 @@ int MAIN(int argc, char *argv[])
 #endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			{ s_msg=1; }
+		else if	(strcmp(*argv,"-msgfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			bio_s_msg = BIO_new_file(*(++argv), "w");
+			}
+#ifndef OPENSSL_NO_SSL_TRACE
+		else if	(strcmp(*argv,"-trace") == 0)
+			{ s_msg=2; }
+#endif
 		else if	(strcmp(*argv,"-hack") == 0)
 			{ hack=1; }
 		else if	(strcmp(*argv,"-state") == 0)
@@ -2004,6 +2014,11 @@ end:
         BIO_free(bio_s_out);
 		bio_s_out=NULL;
 		}
+	if (bio_s_msg != NULL)
+		{
+		BIO_free(bio_s_msg);
+		bio_s_msg = NULL;
+		}
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@@ -2158,8 +2173,13 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		}
 	if (s_msg)
 		{
+#ifndef OPENSSL_NO_SSL_TRACE
+		if (s_msg == 2)
+			SSL_set_msg_callback(con, SSL_trace);
+		else
+#endif
 			SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_s_out);
+		SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
 		}
 #ifndef OPENSSL_NO_TLSEXT
 	if (s_tlsextdebug)
@@ -2712,8 +2732,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 		}
 	if (s_msg)
 		{
+#ifndef OPENSSL_NO_SSL_TRACE
+		if (s_msg == 2)
+			SSL_set_msg_callback(con, SSL_trace);
+		else
+#endif
 			SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_s_out);
+		SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
 		}
 
 	for (;;)

ssl/Makefile

@@ -30,7 +30,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c
+	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o \
-	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o
+	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o
 
 SRC= $(LIBSRC)
 

ssl/ssl.h

@@ -2136,6 +2136,11 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
 
+#ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+		const void *buf, size_t len, SSL *ssl, void *arg);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.