authorJay Satiro <raysatiro@yahoo.com>2018-03-20 02:57:50 -0400
committerJay Satiro <raysatiro@yahoo.com>2018-04-20 01:28:32 -0400
commita3f385393ae63c99ab6e508d3b720a1da04c2f67 (patch)
tree8ba9e1e3f03828009fd9ff7834f02f008132ae66
parent8fb78f9ddc6d858d630600059b8ad84a80892fd9 (diff)
openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: iz8mbw@users.noreply.github.com Fixes https://github.com/curl/curl/issues/2403
-rw-r--r--lib/vtls/openssl.c55
1 files changed, 47 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index cbd89cbe4..988fd3506 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1737,13 +1737,40 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
case SSL3_MT_CERTIFICATE_STATUS:
return "Certificate Status";
#endif
+#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
+ case SSL3_MT_ENCRYPTED_EXTENSIONS:
+ return "Encrypted Extensions";
+#endif
+#ifdef SSL3_MT_END_OF_EARLY_DATA
+ case SSL3_MT_END_OF_EARLY_DATA:
+ return "End of early data";
+#endif
+#ifdef SSL3_MT_KEY_UPDATE
+ case SSL3_MT_KEY_UPDATE:
+ return "Key update";
+#endif
+#ifdef SSL3_MT_NEXT_PROTO
+ case SSL3_MT_NEXT_PROTO:
+ return "Next protocol";
+#endif
+#ifdef SSL3_MT_MESSAGE_HASH
+ case SSL3_MT_MESSAGE_HASH:
+ return "Message hash";
+#endif
}
}
return "Unknown";
}
-static const char *tls_rt_type(int type)
+static const char *tls_rt_type(int type, const void *buf, size_t buflen)
{
+ (void)buf;
+ (void)buflen;
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(type == SSL3_RT_INNER_CONTENT_TYPE && buf && buflen >= 1)
+ type = *(unsigned char *)buf;
+#endif
+
switch(type) {
#ifdef SSL3_RT_HEADER
case SSL3_RT_HEADER:
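Review bot: The new read in tls_rt_type, `type = *(unsigned char *)buf;`, casts away the `const` that the new signature has just added to `buf`. Writing `type = *(const unsigned char *)buf;` keeps the qualifier and stays quiet under -Wcast-qual where that warning is enabled. The two `(void)` casts only matter when SSL3_RT_INNER_CONTENT_TYPE is undefined, so a short comment such as `/* buf is only read when SSL3_RT_INNER_CONTENT_TYPE exists */` would explain them. When `buflen` is 0 the type is left as SSL3_RT_INNER_CONTENT_TYPE and falls into the switch, whose remaining cases and default lie outside this hunk.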
@@ -1771,10 +1798,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
void *userp)
{
struct Curl_easy *data;
- const char *msg_name, *tls_rt_name;
- char ssl_buf[1024];
char unknown[32];
- int msg_type, txt_len;
const char *verstr = NULL;
struct connectdata *conn = userp;
@@ -1822,6 +1846,10 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
}
if(ssl_ver) {
+ const char *msg_name, *tls_rt_name;
+ char ssl_buf[1024];
+ int msg_type, txt_len;
+
/* the info given when the version is zero is not that useful for us */
ssl_ver >>= 8; /* check the upper 8 bits only below */
@@ -1831,17 +1859,28 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
* is at 'buf[0]'.
*/
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
- tls_rt_name = tls_rt_type(content_type);
+ tls_rt_name = tls_rt_type(content_type, buf, len);
else
tls_rt_name = "";
- msg_type = *(char *)buf;
- msg_name = ssl_msg_type(ssl_ver, msg_type);
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(content_type == SSL3_RT_INNER_CONTENT_TYPE) {
+ msg_type = 0;
+ msg_name = "[no content]";
+ }
+ else
+#endif
+ {
+ msg_type = *(char *)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+ }
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
verstr, direction?"OUT":"IN",
tls_rt_name, msg_name, msg_type);
- Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
}
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
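Review bot: In the else branch, `msg_type = *(char *)buf;` reads the first byte without checking `len` and through plain `char`, unlike the guarded `unsigned char` read this commit adds in tls_rt_type. Where `char` is signed, a message type of 0x80 or above becomes negative and cannot match its case label in ssl_msg_type; that would affect the new SSL3_MT_MESSAGE_HASH case if its value is 254, as I recall from OpenSSL's ssl3.h. I would write `msg_type = (buf && len) ? *(const unsigned char *)buf : 0;` so that an empty record handed to the callback is not dereferenced. ssl_tls_trace starts and ends outside this hunk, so an earlier length check may exist that is not visible here.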