From 690317aae21d2b081040dea5405708d1e2d76627 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 4 May 2015 12:27:59 +0200 Subject: [PATCH] openssl: skip trace outputs for ssl_ver == 0 The OpenSSL trace callback is wonderfully undocumented but given a journey in the source code, it seems the cases were ssl_ver is zero doesn't follow the same pattern and thus turned out confusing and misleading. For now, we skip doing any CURLINFO_TEXT logging on those but keep sending them as CURLINFO_SSL_DATA_OUT/IN. Also, I added direction to the text info and I edited some functions slightly. Bug: https://github.com/bagder/curl/issues/219 Reported-by: Jay Satiro, Ashish Shukla --- lib/vtls/openssl.c | 67 ++++++++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 23 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 594a2eec2..fa3e227b0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) return "Client hello"; case SSL3_MT_SERVER_HELLO: return "Server hello"; + case SSL3_MT_NEWSESSION_TICKET: + return "Newsession Ticket"; case SSL3_MT_CERTIFICATE: - return "CERT"; + return "Certificate"; case SSL3_MT_SERVER_KEY_EXCHANGE: return "Server key exchange"; case SSL3_MT_CLIENT_KEY_EXCHANGE: @@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) return "CERT verify"; case SSL3_MT_FINISHED: return "Finished"; +#ifdef SSL3_MT_CERTIFICATE_STATUS + case SSL3_MT_CERTIFICATE_STATUS: + return "Certificate Status"; +#endif } } return "Unknown"; @@ -1508,12 +1514,20 @@ static const char *ssl_msg_type(int ssl_ver, int msg) static const char *tls_rt_type(int type) { - return ( - type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " : - type == SSL3_RT_ALERT ? "TLS alert, " : - type == SSL3_RT_HANDSHAKE ? "TLS handshake, " : - type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " : - "TLS Unknown, "); + switch(type) { + case SSL3_RT_HEADER: + return "TLS header"; + case SSL3_RT_CHANGE_CIPHER_SPEC: + return "TLS change cipher"; + case SSL3_RT_ALERT: + return "TLS alert"; + case SSL3_RT_HANDSHAKE: + return "TLS handshake"; + case SSL3_RT_APPLICATION_DATA: + return "TLS app data"; + default: + return "TLS Unknown"; + } } @@ -1538,8 +1552,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, data = conn->data; switch(ssl_ver) { -#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */ - case SSL2_VERSION_MAJOR: +#ifdef SSL2_VERSION /* removed in recent versions */ + case SSL2_VERSION: verstr = "SSLv2"; break; #endif @@ -1561,29 +1575,36 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, verstr = "TLSv1.2"; break; #endif + case 0: + break; default: snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver); verstr = unknown; break; } - ssl_ver >>= 8; /* check the upper 8 bits only below */ + if(ssl_ver) { + /* the info given when the version is zero is not that useful for us */ - /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL - * always pass-up content-type as 0. But the interesting message-type - * is at 'buf[0]'. - */ - if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0) - tls_rt_name = tls_rt_type(content_type); - else - tls_rt_name = ""; + ssl_ver >>= 8; /* check the upper 8 bits only below */ - msg_type = *(char*)buf; - msg_name = ssl_msg_type(ssl_ver, msg_type); + /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL + * always pass-up content-type as 0. But the interesting message-type + * is at 'buf[0]'. + */ + if(ssl_ver == SSL3_VERSION_MAJOR && content_type) + tls_rt_name = tls_rt_type(content_type); + else + tls_rt_name = ""; - txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n", - verstr, tls_rt_name, msg_name, msg_type); - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + msg_type = *(char*)buf; + msg_name = ssl_msg_type(ssl_ver, msg_type); + + txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n", + verstr, direction?"OUT":"IN", + tls_rt_name, msg_name, msg_type); + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);