aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-05-04 12:27:59 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-05-04 12:27:59 +0200
commit690317aae21d2b081040dea5405708d1e2d76627 (patch)
tree1cb01ce0fbd265e20a1ddf0f5806576e2bda6110
parent3c104448d6c0b4b8d35263c5ec77e8386393fdff (diff)
openssl: skip trace outputs for ssl_ver == 0
The OpenSSL trace callback is wonderfully undocumented but given a journey in the source code, it seems the cases were ssl_ver is zero doesn't follow the same pattern and thus turned out confusing and misleading. For now, we skip doing any CURLINFO_TEXT logging on those but keep sending them as CURLINFO_SSL_DATA_OUT/IN. Also, I added direction to the text info and I edited some functions slightly. Bug: https://github.com/bagder/curl/issues/219 Reported-by: Jay Satiro, Ashish Shukla
-rw-r--r--lib/vtls/openssl.c67
1 files changed, 44 insertions, 23 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 594a2eec2..fa3e227b0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
return "Client hello";
case SSL3_MT_SERVER_HELLO:
return "Server hello";
+ case SSL3_MT_NEWSESSION_TICKET:
+ return "Newsession Ticket";
case SSL3_MT_CERTIFICATE:
- return "CERT";
+ return "Certificate";
case SSL3_MT_SERVER_KEY_EXCHANGE:
return "Server key exchange";
case SSL3_MT_CLIENT_KEY_EXCHANGE:
@@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
return "CERT verify";
case SSL3_MT_FINISHED:
return "Finished";
+#ifdef SSL3_MT_CERTIFICATE_STATUS
+ case SSL3_MT_CERTIFICATE_STATUS:
+ return "Certificate Status";
+#endif
}
}
return "Unknown";
@@ -1508,12 +1514,20 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
static const char *tls_rt_type(int type)
{
- return (
- type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
- type == SSL3_RT_ALERT ? "TLS alert, " :
- type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
- type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
- "TLS Unknown, ");
+ switch(type) {
+ case SSL3_RT_HEADER:
+ return "TLS header";
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ return "TLS change cipher";
+ case SSL3_RT_ALERT:
+ return "TLS alert";
+ case SSL3_RT_HANDSHAKE:
+ return "TLS handshake";
+ case SSL3_RT_APPLICATION_DATA:
+ return "TLS app data";
+ default:
+ return "TLS Unknown";
+ }
}
@@ -1538,8 +1552,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
data = conn->data;
switch(ssl_ver) {
-#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */
- case SSL2_VERSION_MAJOR:
+#ifdef SSL2_VERSION /* removed in recent versions */
+ case SSL2_VERSION:
verstr = "SSLv2";
break;
#endif
@@ -1561,29 +1575,36 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
verstr = "TLSv1.2";
break;
#endif
+ case 0:
+ break;
default:
snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
verstr = unknown;
break;
}
- ssl_ver >>= 8; /* check the upper 8 bits only below */
+ if(ssl_ver) {
+ /* the info given when the version is zero is not that useful for us */
- /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
- * always pass-up content-type as 0. But the interesting message-type
- * is at 'buf[0]'.
- */
- if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
- tls_rt_name = tls_rt_type(content_type);
- else
- tls_rt_name = "";
+ ssl_ver >>= 8; /* check the upper 8 bits only below */
- msg_type = *(char*)buf;
- msg_name = ssl_msg_type(ssl_ver, msg_type);
+ /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
+ * always pass-up content-type as 0. But the interesting message-type
+ * is at 'buf[0]'.
+ */
+ if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
+ tls_rt_name = tls_rt_type(content_type);
+ else
+ tls_rt_name = "";
- txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n",
- verstr, tls_rt_name, msg_name, msg_type);
- Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ msg_type = *(char*)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+
+ txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
+ verstr, direction?"OUT":"IN",
+ tls_rt_name, msg_name, msg_type);
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);