From: Dr. Stephen Henson Date: Fri, 7 Dec 2012 23:42:33 +0000 (+0000) Subject: send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace X-Git-Tag: master-post-reformat~1534 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=36b5bb6f2f944d6fb9a458da76ffdfa9154c03c2;p=oweals%2Fopenssl.git send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
---
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 20a8b3ba5c..2c38b1a76a 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -587,7 +587,10 @@ static int ssl23_client_hello(SSL *s)
 if (ssl2_compat)
 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
 else
+ {
+ s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, s, s->msg_callback_arg);
 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
+ }
 }
 return ret;
@@ -743,7 +746,10 @@ static int ssl23_get_server_hello(SSL *s)
 }
 if (s->msg_callback)
+ {
+ s->msg_callback(0, s->version, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg);
 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
+ }
 s->rwstate=SSL_NOTHING;
 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index dca345865a..4299af1e7c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -321,6 +321,8 @@ again:
 s->rstate=SSL_ST_READ_BODY;
 p=s->packet;
+ if (s->msg_callback)
+ s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg);
 /* Pull apart the header into the SSL3_RECORD */
 rr->type= *(p++);
@@ -822,6 +824,9 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 /* record length after mac and block padding */
 s2n(wr->length,plen);
+ if (s->msg_callback)
+ s->msg_callback(1, 0, SSL3_RT_HEADER, plen - 5, 5, s, s->msg_callback_arg);
+
 /* we should now have
 * wr->data pointing to the encrypted data, which is
 * wr->length long */
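Review bot: The record header length is written as a bare `5` in the new `SSL3_RT_HEADER` callback in ssl23_client_hello, and the same literal recurs in the ssl23_get_server_hello hunk and in both s3_pkt.c hunks. ssl3.h already defines `SSL3_RT_HEADER_LENGTH` for this, so `s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, SSL3_RT_HEADER_LENGTH, s, s->msg_callback_arg);` would tie the length handed to the callback to the record layout. It would also make the `data+5` / `ret-5` split on the following line easier to audit. The enclosing function starts and ends outside the hunk.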
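Review bot: The callback added after `p=s->packet;` hands the handler five bytes taken directly from the peer before any header field has been pulled apart or range-checked, and it passes `0` as the version; the matching call in do_ssl3_write passes `0` as well. A handler that until now saw only decoded messages with a real protocol version has to cope with both, so the call deserves a comment such as `/* raw, not yet validated record header; version is 0 because it has not been parsed */`. Whether the header checks follow further down cannot be seen here, since the function body continues past the hunk.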
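Review bot: `plen - 5` in do_ssl3_write points at the first header byte only if `s2n(wr->length,plen)` has just moved `plen` past the two length bytes and the header is exactly five bytes long, and neither assumption is written down next to the call. The macro and the assignment of `plen` are outside the hunk, so a reader cannot confirm the arithmetic from here. A one-line comment above the call, `/* s2n() left plen just past the 5-byte record header */`, would keep a later change to the header handling from silently turning this into a read from the wrong offset.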
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index b0b6539d5e..d2a5208824 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -338,6 +338,9 @@ extern "C" {
 #define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
 #define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+/* Pseudo content type for SSL/TLS header info */
+#define SSL3_RT_HEADER 0x100
+
 #define SSL3_AL_WARNING 1
 #define SSL3_AL_FATAL 2
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index f3a2352949..b8651641a3 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1224,18 +1224,19 @@ void SSL_trace(int write_p, int version, int content_type,
 msg, msglen);
 return;
 }
-
- BIO_printf(bio, "%s Record: Version = %s (0x%x)",
- write_p ? "Sent" : "Received",
- ssl_trace_str(version, ssl_version_tbl),
- version);
- BIO_printf(bio, " Length=%d\n", (int)msglen);
- BIO_printf(bio, " Content Type = %s (%d)\n",
- ssl_trace_str(content_type, ssl_content_tbl),
- content_type);
-
 switch (content_type)
 {
+ case SSL3_RT_HEADER:
+ {
+ int hvers = msg[1] << 8 | msg[2];
+ BIO_puts(bio, write_p ? "Sent" : "Received");
+ BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
+ ssl_trace_str(hvers, ssl_version_tbl), hvers);
+ BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
+ ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+ msg[3] << 8 | msg[4]);
+ }
+ break;
 case SSL3_RT_HANDSHAKE:
 if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
 BIO_printf(bio, "Message length parse error!\n");
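Review bot: The comment on `SSL3_RT_HEADER` does not say why the value is 0x100 or what a message callback receives with it. The value looks chosen to sit outside the one-byte range of wire content types, which also means a handler that narrows `content_type` to an `unsigned char` would see it as 0. I would expand the comment to something like `/* Pseudo content type, never sent on the wire: passed to msg_callback together with the raw 5-byte record header */`. The msg_callback documentation should list the new type, since existing handlers start receiving it with this commit.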
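Review bot: The new `case SSL3_RT_HEADER:` in SSL_trace reads `msg[0]` through `msg[4]` without looking at `msglen`. Every call added by this commit passes a length of 5, but SSL_trace takes the buffer and length from whoever invokes the callback, so a shorter buffer would be read past its end. A guard as the first statement inside the case keeps the function safe on its own: `if (msglen < 5) { BIO_puts(bio, "Record header too short\n"); break; }`. The rest of the switch lies outside the hunk.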