From a3f385393ae63c99ab6e508d3b720a1da04c2f67 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 20 Mar 2018 02:57:50 -0400 Subject: openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages - Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: iz8mbw@users.noreply.github.com Fixes https://github.com/curl/curl/issues/2403 --- lib/vtls/openssl.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index cbd89cbe4..988fd3506 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1736,14 +1736,41 @@ static const char *ssl_msg_type(int ssl_ver, int msg) #ifdef SSL3_MT_CERTIFICATE_STATUS case SSL3_MT_CERTIFICATE_STATUS: return "Certificate Status"; +#endif +#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS + case SSL3_MT_ENCRYPTED_EXTENSIONS: + return "Encrypted Extensions"; +#endif +#ifdef SSL3_MT_END_OF_EARLY_DATA + case SSL3_MT_END_OF_EARLY_DATA: + return "End of early data"; +#endif +#ifdef SSL3_MT_KEY_UPDATE + case SSL3_MT_KEY_UPDATE: + return "Key update"; +#endif +#ifdef SSL3_MT_NEXT_PROTO + case SSL3_MT_NEXT_PROTO: + return "Next protocol"; +#endif +#ifdef SSL3_MT_MESSAGE_HASH + case SSL3_MT_MESSAGE_HASH: + return "Message hash"; #endif } } return "Unknown"; } -static const char *tls_rt_type(int type) +static const char *tls_rt_type(int type, const void *buf, size_t buflen) { + (void)buf; + (void)buflen; +#ifdef SSL3_RT_INNER_CONTENT_TYPE + if(type == SSL3_RT_INNER_CONTENT_TYPE && buf && buflen >= 1) + type = *(unsigned char *)buf; +#endif + switch(type) { #ifdef SSL3_RT_HEADER case SSL3_RT_HEADER: @@ -1771,10 +1798,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, void *userp) { struct Curl_easy *data; - const char *msg_name, *tls_rt_name; - char ssl_buf[1024]; char unknown[32]; - int msg_type, txt_len; const char *verstr = NULL; struct connectdata *conn = userp; @@ -1822,6 +1846,10 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, } if(ssl_ver) { + const char *msg_name, *tls_rt_name; + char ssl_buf[1024]; + int msg_type, txt_len; + /* the info given when the version is zero is not that useful for us */ ssl_ver >>= 8; /* check the upper 8 bits only below */ @@ -1831,17 +1859,28 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, * is at 'buf[0]'. */ if(ssl_ver == SSL3_VERSION_MAJOR && content_type) - tls_rt_name = tls_rt_type(content_type); + tls_rt_name = tls_rt_type(content_type, buf, len); else tls_rt_name = ""; - msg_type = *(char *)buf; - msg_name = ssl_msg_type(ssl_ver, msg_type); +#ifdef SSL3_RT_INNER_CONTENT_TYPE + if(content_type == SSL3_RT_INNER_CONTENT_TYPE) { + msg_type = 0; + msg_name = "[no content]"; + } + else +#endif + { + msg_type = *(char *)buf; + msg_name = ssl_msg_type(ssl_ver, msg_type); + } txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n", verstr, direction?"OUT":"IN", tls_rt_name, msg_name, msg_type); - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) { + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + } } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : -- cgit v1.2.3