Commit a3f38539 authored by Jay Satiro's avatar Jay Satiro
Browse files

openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages 



- Support handling verbose-mode trace messages of type
  SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
  SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
  SSL3_MT_MESSAGE_HASH

Reported-by: default avatar <iz8mbw@users.noreply.github.com>

Fixes https://github.com/curl/curl/issues/2403
parent 8fb78f9d

lib/vtls/openssl.c

+47 −8
Original line number Diff line number Diff line
@@ -1736,14 +1736,41 @@ static const char *ssl_msg_type(int ssl_ver, int msg) 
#ifdef SSL3_MT_CERTIFICATE_STATUS

      case SSL3_MT_CERTIFICATE_STATUS:

        return "Certificate Status";

#endif

#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS

      case SSL3_MT_ENCRYPTED_EXTENSIONS:

        return "Encrypted Extensions";

#endif

#ifdef SSL3_MT_END_OF_EARLY_DATA

      case SSL3_MT_END_OF_EARLY_DATA:

        return "End of early data";

#endif

#ifdef SSL3_MT_KEY_UPDATE

      case SSL3_MT_KEY_UPDATE:

        return "Key update";

#endif

#ifdef SSL3_MT_NEXT_PROTO

      case SSL3_MT_NEXT_PROTO:

        return "Next protocol";

#endif

#ifdef SSL3_MT_MESSAGE_HASH

      case SSL3_MT_MESSAGE_HASH:

        return "Message hash";

#endif

    }

  }

  return "Unknown";

}



static const char *tls_rt_type(int type)

static const char *tls_rt_type(int type, const void *buf, size_t buflen)

{

  (void)buf;

  (void)buflen;

#ifdef SSL3_RT_INNER_CONTENT_TYPE

  if(type == SSL3_RT_INNER_CONTENT_TYPE && buf && buflen >= 1)

    type = *(unsigned char *)buf;

#endif



  switch(type) {

#ifdef SSL3_RT_HEADER

  case SSL3_RT_HEADER:
@@ -1771,10 +1798,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
                          void *userp)

{

  struct Curl_easy *data;

  const char *msg_name, *tls_rt_name;

  char ssl_buf[1024];

  char unknown[32];

  int msg_type, txt_len;

  const char *verstr = NULL;

  struct connectdata *conn = userp;
@@ -1822,6 +1846,10 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
  }



  if(ssl_ver) {

    const char *msg_name, *tls_rt_name;

    char ssl_buf[1024];

    int msg_type, txt_len;



    /* the info given when the version is zero is not that useful for us */



    ssl_ver >>= 8; /* check the upper 8 bits only below */
@@ -1831,18 +1859,29 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, 
     * is at 'buf[0]'.

     */

    if(ssl_ver == SSL3_VERSION_MAJOR && content_type)

      tls_rt_name = tls_rt_type(content_type);

      tls_rt_name = tls_rt_type(content_type, buf, len);

    else

      tls_rt_name = "";



#ifdef SSL3_RT_INNER_CONTENT_TYPE

    if(content_type == SSL3_RT_INNER_CONTENT_TYPE) {

      msg_type = 0;

      msg_name = "[no content]";

    }

    else

#endif

    {

      msg_type = *(char *)buf;

      msg_name = ssl_msg_type(ssl_ver, msg_type);

    }



    txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",

                       verstr, direction?"OUT":"IN",

                       tls_rt_name, msg_name, msg_type);

    if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {

      Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);

    }

  }



  Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :

             CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);