Commit 690317aa authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

openssl: skip trace outputs for ssl_ver == 0 

The OpenSSL trace callback is wonderfully undocumented but given a
journey in the source code, it seems the cases were ssl_ver is zero
doesn't follow the same pattern and thus turned out confusing and
misleading. For now, we skip doing any CURLINFO_TEXT logging on those
but keep sending them as CURLINFO_SSL_DATA_OUT/IN.

Also, I added direction to the text info and I edited some functions
slightly.

Bug: https://github.com/bagder/curl/issues/219
Reported-by: Jay Satiro, Ashish Shukla
parent 3c104448

lib/vtls/openssl.c

+44 −23
Original line number Diff line number Diff line
@@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) 
        return "Client hello";

      case SSL3_MT_SERVER_HELLO:

        return "Server hello";

      case SSL3_MT_NEWSESSION_TICKET:

        return "Newsession Ticket";

      case SSL3_MT_CERTIFICATE:

        return "CERT";

        return "Certificate";

      case SSL3_MT_SERVER_KEY_EXCHANGE:

        return "Server key exchange";

      case SSL3_MT_CLIENT_KEY_EXCHANGE:
@@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) 
        return "CERT verify";

      case SSL3_MT_FINISHED:

        return "Finished";

#ifdef SSL3_MT_CERTIFICATE_STATUS

      case SSL3_MT_CERTIFICATE_STATUS:

        return "Certificate Status";

#endif

    }

  }

  return "Unknown";
@@ -1508,12 +1514,20 @@ static const char *ssl_msg_type(int ssl_ver, int msg) 


static const char *tls_rt_type(int type)

{

  return (

    type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :

    type == SSL3_RT_ALERT              ? "TLS alert, "         :

    type == SSL3_RT_HANDSHAKE          ? "TLS handshake, "     :

    type == SSL3_RT_APPLICATION_DATA   ? "TLS app data, "      :

                                         "TLS Unknown, ");

  switch(type) {

  case SSL3_RT_HEADER:

    return "TLS header";

  case SSL3_RT_CHANGE_CIPHER_SPEC:

    return "TLS change cipher";

  case SSL3_RT_ALERT:

    return "TLS alert";

  case SSL3_RT_HANDSHAKE:

    return "TLS handshake";

  case SSL3_RT_APPLICATION_DATA:

    return "TLS app data";

  default:

    return "TLS Unknown";

  }

}
@@ -1538,8 +1552,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
  data = conn->data;



  switch(ssl_ver) {

#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */

  case SSL2_VERSION_MAJOR:

#ifdef SSL2_VERSION /* removed in recent versions */

  case SSL2_VERSION:

    verstr = "SSLv2";

    break;

#endif
@@ -1561,19 +1575,24 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
    verstr = "TLSv1.2";

    break;

#endif

  case 0:

    break;

  default:

    snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);

    verstr = unknown;

    break;

  }



  if(ssl_ver) {

    /* the info given when the version is zero is not that useful for us */



    ssl_ver >>= 8; /* check the upper 8 bits only below */



    /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL

     * always pass-up content-type as 0. But the interesting message-type

     * is at 'buf[0]'.

     */

  if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)

    if(ssl_ver == SSL3_VERSION_MAJOR && content_type)

      tls_rt_name = tls_rt_type(content_type);

    else

      tls_rt_name = "";
@@ -1581,9 +1600,11 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
    msg_type = *(char*)buf;

    msg_name = ssl_msg_type(ssl_ver, msg_type);



  txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n",

                     verstr, tls_rt_name, msg_name, msg_type);

    txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",

                       verstr, direction?"OUT":"IN",

                       tls_rt_name, msg_name, msg_type);

    Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);

  }



  Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :

             CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);