aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2018-03-20 02:57:50 -0400
committerJay Satiro <raysatiro@yahoo.com>2018-04-20 01:28:32 -0400
commita3f385393ae63c99ab6e508d3b720a1da04c2f67 (patch)
tree8ba9e1e3f03828009fd9ff7834f02f008132ae66 /lib/vtls
parent8fb78f9ddc6d858d630600059b8ad84a80892fd9 (diff)
openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: iz8mbw@users.noreply.github.com Fixes https://github.com/curl/curl/issues/2403
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/openssl.c55
1 files changed, 47 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index cbd89cbe4..988fd3506 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1737,13 +1737,40 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
case SSL3_MT_CERTIFICATE_STATUS:
return "Certificate Status";
#endif
+#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
+ case SSL3_MT_ENCRYPTED_EXTENSIONS:
+ return "Encrypted Extensions";
+#endif
+#ifdef SSL3_MT_END_OF_EARLY_DATA
+ case SSL3_MT_END_OF_EARLY_DATA:
+ return "End of early data";
+#endif
+#ifdef SSL3_MT_KEY_UPDATE
+ case SSL3_MT_KEY_UPDATE:
+ return "Key update";
+#endif
+#ifdef SSL3_MT_NEXT_PROTO
+ case SSL3_MT_NEXT_PROTO:
+ return "Next protocol";
+#endif
+#ifdef SSL3_MT_MESSAGE_HASH
+ case SSL3_MT_MESSAGE_HASH:
+ return "Message hash";
+#endif
}
}
return "Unknown";
}
-static const char *tls_rt_type(int type)
+static const char *tls_rt_type(int type, const void *buf, size_t buflen)
{
+ (void)buf;
+ (void)buflen;
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(type == SSL3_RT_INNER_CONTENT_TYPE && buf && buflen >= 1)
+ type = *(unsigned char *)buf;
+#endif
+
switch(type) {
#ifdef SSL3_RT_HEADER
case SSL3_RT_HEADER:
@@ -1771,10 +1798,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
void *userp)
{
struct Curl_easy *data;
- const char *msg_name, *tls_rt_name;
- char ssl_buf[1024];
char unknown[32];
- int msg_type, txt_len;
const char *verstr = NULL;
struct connectdata *conn = userp;
@@ -1822,6 +1846,10 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
}
if(ssl_ver) {
+ const char *msg_name, *tls_rt_name;
+ char ssl_buf[1024];
+ int msg_type, txt_len;
+
/* the info given when the version is zero is not that useful for us */
ssl_ver >>= 8; /* check the upper 8 bits only below */
@@ -1831,17 +1859,28 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
* is at 'buf[0]'.
*/
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
- tls_rt_name = tls_rt_type(content_type);
+ tls_rt_name = tls_rt_type(content_type, buf, len);
else
tls_rt_name = "";
- msg_type = *(char *)buf;
- msg_name = ssl_msg_type(ssl_ver, msg_type);
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(content_type == SSL3_RT_INNER_CONTENT_TYPE) {
+ msg_type = 0;
+ msg_name = "[no content]";
+ }
+ else
+#endif
+ {
+ msg_type = *(char *)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+ }
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
verstr, direction?"OUT":"IN",
tls_rt_name, msg_name, msg_type);
- Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
}
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :