From 6dae79882405d9a7a2e7641649fbcc20b39a2a1a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 22 Dec 2014 14:09:46 +0100
Subject: [PATCH] openssl: fix SSL/TLS versions in verbose output
---
 lib/vtls/openssl.c | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index b768d6fbf..4df5a7a2e 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1381,20 +1381,43 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 struct SessionHandle *data;
 const char *msg_name, *tls_rt_name;
 char ssl_buf[1024];
- int ver, msg_type, txt_len;
+ char unknown[32];
+ int msg_type, txt_len;
+ const char *verstr;
 if(!conn || !conn->data || !conn->data->set.fdebug ||
 (direction != 0 && direction != 1))
 return;
 data = conn->data;
- ssl_ver >>= 8;
-#ifdef SSL2_VERSION_MAJOR
- ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
- ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
-#else
- ver = ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?';
+
+ switch(ssl_ver) {
+#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */
+ case SSL2_VERSION_MAJOR:
+ verstr = "SSLv2";
+ break;
 #endif
+#ifdef SSL3_VERSION
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+#endif
+ case TLS1_VERSION:
+ verstr = "TLSv1.0";
+ break;
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+ default:
+ snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
+ verstr = unknown;
+ break;
+ }
+
+ ssl_ver >>= 8; /* check the upper 8 bits only below */
 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
 * always pass-up content-type as 0. But the interesting message-type
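Review bot: The first case label of the new switch still tests `SSL2_VERSION_MAJOR`, although the switch now runs on the unshifted `ssl_ver` (the `>>= 8` was moved below it) and every other label is a full `*_VERSION` value. In OpenSSL's headers `SSL2_VERSION_MAJOR` is 0x00 while `SSL2_VERSION` is 0x0002, so an SSLv2 record would fall through to `default` and be printed as `(2)`, and a callback invocation carrying version 0, should one occur, would be labelled SSLv2. This verbose line is what an operator reads to confirm which protocol version a connection actually used, so a wrong label undermines downgrade checks; the label should read `#ifdef SSL2_VERSION` / `case SSL2_VERSION:`. The body of ssl_tls_trace starts and ends outside this hunk.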
@@ -1408,8 +1431,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 msg_type = *(char*)buf;
 msg_name = ssl_msg_type(ssl_ver, msg_type);
- txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
- ver, tls_rt_name, msg_name, msg_type);
+ txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n",
+ verstr, tls_rt_name, msg_name, msg_type);
 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :