From: Denys Vlasenko Date: Fri, 20 Jan 2017 13:12:10 +0000 (+0100) Subject: tls: decode alerts and in particular, EOF alert. X-Git-Tag: 1_27_0~200 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a0aae9f71442366ec429657c437fd7dd815978fd;p=oweals%2Fbusybox.git tls: decode alerts and in particular, EOF alert. Signed-off-by: Denys Vlasenko --- diff --git a/networking/tls.c b/networking/tls.c index 71be2def8..e037eba69 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -28,6 +28,7 @@ #define TLS_DEBUG 1 #define TLS_DEBUG_HASH 1 #define TLS_DEBUG_DER 0 +#define TLS_DEBUG_FIXED_SECRETS 0 #if TLS_DEBUG # define dbg(...) fprintf(stderr, __VA_ARGS__) @@ -152,7 +153,6 @@ // and against wolfssl-3.9.10-stable/examples/server/server.c: //#define CIPHER_ID TLS_RSA_WITH_NULL_SHA256 // for testing (does everything except encrypting) // works against wolfssl-3.9.10-stable/examples/server/server.c -// (getting back and decrypt ok first application data message) #define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE enum { @@ -163,6 +163,8 @@ enum { AES128_KEYSIZE = 16, AES256_KEYSIZE = 32, + RECHDR_LEN = 5, + MAX_TLS_RECORD = (1 << 14), OUTBUF_PFX = 8 + AES_BLOCKSIZE, /* header + IV */ OUTBUF_SFX = SHA256_OUTSIZE + AES_BLOCKSIZE, /* MAC + padding */ @@ -257,15 +259,15 @@ static void dump_tls_record(const void *vp, int len) while (len > 0) { unsigned xhdr_len; - if (len < 5) { + if (len < RECHDR_LEN) { dump_hex("< |%s|\n", p, len); return; } xhdr_len = 0x100*p[3] + p[4]; dbg("< hdr_type:%u ver:%u.%u len:%u", p[0], p[1], p[2], xhdr_len); - p += 5; - len -= 5; - if (len >= 4 && p[-5] == RECORD_TYPE_HANDSHAKE) { + p += RECHDR_LEN; + len -= RECHDR_LEN; + if (len >= 4 && p[-RECHDR_LEN] == RECORD_TYPE_HANDSHAKE) { unsigned len24 = get24be(p + 1); dbg(" type:%u len24:%u", p[0], len24); } @@ -524,9 +526,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) uint8_t *buf = tls->outbuf + OUTBUF_PFX; struct record_hdr *xhdr; - xhdr = (void*)(buf - sizeof(*xhdr)); + xhdr = (void*)(buf - RECHDR_LEN); if (CIPHER_ID != TLS_RSA_WITH_NULL_SHA256) - xhdr = (void*)(buf - sizeof(*xhdr) - AES_BLOCKSIZE); /* place for IV */ + xhdr = (void*)(buf - RECHDR_LEN - AES_BLOCKSIZE); /* place for IV */ xhdr->type = type; xhdr->proto_maj = TLS_MAJ; @@ -540,7 +542,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) hmac_sha256(buf + size, tls->client_write_MAC_key, sizeof(tls->client_write_MAC_key), &tls->write_seq64_be, sizeof(tls->write_seq64_be), - xhdr, sizeof(*xhdr), + xhdr, RECHDR_LEN, buf, size, NULL); tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); @@ -551,8 +553,8 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) /* No encryption, only signing */ xhdr->len16_hi = size >> 8; xhdr->len16_lo = size & 0xff; - dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); - xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); + dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); + xwrite(tls->fd, xhdr, RECHDR_LEN + size); dbg("wrote %u bytes (NULL crypt, SHA256 hash)\n", size); return; } @@ -639,9 +641,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type) size += AES_BLOCKSIZE; /* + IV */ xhdr->len16_hi = size >> 8; xhdr->len16_lo = size & 0xff; - dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); - xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); - dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size); + dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); + xwrite(tls->fd, xhdr, RECHDR_LEN + size); + dbg("wrote %u bytes\n", (int)RECHDR_LEN + size); } } @@ -649,16 +651,16 @@ static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size) { if (!tls->encrypt_on_write) { uint8_t *buf = tls->outbuf + OUTBUF_PFX; - struct record_hdr *xhdr = (void*)(buf - sizeof(*xhdr)); + struct record_hdr *xhdr = (void*)(buf - RECHDR_LEN); xhdr->type = RECORD_TYPE_HANDSHAKE; xhdr->proto_maj = TLS_MAJ; xhdr->proto_min = TLS_MIN; xhdr->len16_hi = size >> 8; xhdr->len16_lo = size & 0xff; - dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size); - xwrite(tls->fd, xhdr, sizeof(*xhdr) + size); - dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size); + dump_hex(">> %s\n", xhdr, RECHDR_LEN + size); + xwrite(tls->fd, xhdr, RECHDR_LEN + size); + dbg("wrote %u bytes\n", (int)RECHDR_LEN + size); /* Handshake hash does not include record headers */ sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, buf, size); return; @@ -673,15 +675,16 @@ static int xread_tls_block(tls_state_t *tls) int total; int target; + again: dbg("insize:%u tail:%u\n", tls->insize, tls->tail); memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail); errno = 0; total = tls->tail; target = sizeof(tls->inbuf); for (;;) { - if (total >= sizeof(*xhdr) && target == sizeof(tls->inbuf)) { + if (total >= RECHDR_LEN && target == sizeof(tls->inbuf)) { xhdr = (void*)tls->inbuf; - target = sizeof(*xhdr) + (0x100 * xhdr->len16_hi + xhdr->len16_lo); + target = RECHDR_LEN + (0x100 * xhdr->len16_hi + xhdr->len16_lo); if (target >= sizeof(tls->inbuf)) { /* malformed input (too long): yell and die */ tls->tail = 0; @@ -694,18 +697,29 @@ static int xread_tls_block(tls_state_t *tls) if (total - target >= 0) break; sz = safe_read(tls->fd, tls->inbuf + total, sizeof(tls->inbuf) - total); - if (sz <= 0) - bb_perror_msg_and_die("short read"); + if (sz <= 0) { + if (sz == 0 && total == 0) { + /* "Abrupt" EOF, no TLS shutdown (seen from kernel.org) */ + dbg("EOF (without TLS shutdown) from peer\n"); + tls->tail = 0; + tls->insize = 0; + goto end; + } + bb_perror_msg_and_die("short read, have only %d", total); + } + dbg("read():%d\n", sz); total += sz; } tls->tail = total - target; tls->insize = target; - sz = target - sizeof(*xhdr); + dbg("new insize:%u tail:%u\n", tls->insize, tls->tail); + + sz = target - RECHDR_LEN; /* Needs to be decrypted? */ if (tls->min_encrypted_len_on_read > SHA256_OUTSIZE) { psCipherContext_t ctx; - uint8_t *p = tls->inbuf + sizeof(*xhdr); + uint8_t *p = tls->inbuf + RECHDR_LEN; int padding_len; if (sz & (AES_BLOCKSIZE-1) @@ -731,7 +745,7 @@ static int xread_tls_block(tls_state_t *tls) } if (sz != 0) { /* Skip IV */ - memmove(tls->inbuf + 5, tls->inbuf + 5 + AES_BLOCKSIZE, sz); + memmove(tls->inbuf + RECHDR_LEN, tls->inbuf + RECHDR_LEN + AES_BLOCKSIZE, sz); } } else { /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ @@ -739,13 +753,33 @@ static int xread_tls_block(tls_state_t *tls) sz -= tls->min_encrypted_len_on_read; } + //dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz); + + xhdr = (void*)tls->inbuf; + if (xhdr->type == RECORD_TYPE_ALERT && sz >= 2) { + uint8_t *p = tls->inbuf + RECHDR_LEN; + dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]); + if (p[0] == 1) { /*warning */ + if (p[1] == 0) { /* warning, close_notify: EOF */ + dbg("EOF (TLS encoded) from peer\n"); + sz = 0; + goto end; + } + /* discard it, get next record */ + goto again; + } + /* p[0] == 1: fatal error, others: not defined in protocol */ + sz = 0; + goto end; + } + /* RFC 5246 is not saying it explicitly, but sha256 hash * in our FINISHED record must include data of incoming packets too! */ if (tls->inbuf[0] == RECORD_TYPE_HANDSHAKE) { - sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + 5, sz); + sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + RECHDR_LEN, sz); } - + end: dbg("got block len:%u\n", sz); return sz; } @@ -1017,7 +1051,8 @@ static void send_client_hello(tls_state_t *tls) record->proto_maj = TLS_MAJ; /* the "requested" version of the protocol, */ record->proto_min = TLS_MIN; /* can be higher than one in record headers */ tls_get_random(record->rand32, sizeof(record->rand32)); -memset(record->rand32, 0x11, sizeof(record->rand32)); + if (TLS_DEBUG_FIXED_SECRETS) + memset(record->rand32, 0x11, sizeof(record->rand32)); memcpy(tls->client_and_server_rand32, record->rand32, sizeof(record->rand32)); record->session_id_len = 0; record->cipherid_len16_hi = 0; @@ -1027,7 +1062,6 @@ memset(record->rand32, 0x11, sizeof(record->rand32)); record->comprtypes_len = 1; record->comprtypes[0] = 0; - //dbg (make it repeatable): memset(record.rand32, 0x11, sizeof(record.rand32)); dbg(">> CLIENT_HELLO\n"); xwrite_and_update_handshake_hash(tls, sizeof(*record)); } @@ -1135,7 +1169,8 @@ static void send_client_key_exchange(tls_state_t *tls) int len; tls_get_random(rsa_premaster, sizeof(rsa_premaster)); -memset(rsa_premaster, 0x44, sizeof(rsa_premaster)); + if (TLS_DEBUG_FIXED_SECRETS) + memset(rsa_premaster, 0x44, sizeof(rsa_premaster)); // RFC 5246 // "Note: The version number in the PreMasterSecret is the version // offered by the client in the ClientHello.client_version, not the @@ -1348,7 +1383,7 @@ static void tls_handshake(tls_state_t *tls) get_server_cert(tls); len = xread_tls_handshake_block(tls, 4); - if (tls->inbuf[5] == HANDSHAKE_SERVER_KEY_EXCHANGE) { + if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_SERVER_KEY_EXCHANGE) { // 459 bytes: // 0c 00|01|c7 03|00|17|41|04|87|94|2e|2f|68|d0|c9|f4|97|a8|2d|ef|ed|67|ea|c6|f3|b3|56|47|5d|27|b6|bd|ee|70|25|30|5e|b0|8e|f6|21|5a... //SvKey len=455^ @@ -1359,7 +1394,7 @@ static void tls_handshake(tls_state_t *tls) xread_tls_handshake_block(tls, 4); } -// if (tls->inbuf[5] == HANDSHAKE_CERTIFICATE_REQUEST) { +// if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_CERTIFICATE_REQUEST) { // dbg("<< CERTIFICATE_REQUEST\n"); //RFC 5246: (in response to this,) "If no suitable certificate is available, // the client MUST send a certificate message containing no @@ -1371,7 +1406,7 @@ static void tls_handshake(tls_state_t *tls) // xread_tls_handshake_block(tls, 4); // } - if (tls->inbuf[5] != HANDSHAKE_SERVER_HELLO_DONE) + if (tls->inbuf[RECHDR_LEN] != HANDSHAKE_SERVER_HELLO_DONE) tls_error_die(tls); // 0e 000000 (len:0) dbg("<< SERVER_HELLO_DONE\n"); @@ -1398,7 +1433,7 @@ static void tls_handshake(tls_state_t *tls) /* Get (encrypted) FINISHED from the server */ len = xread_tls_block(tls); - if (len < 4 || tls->inbuf[5] != HANDSHAKE_FINISHED) + if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) tls_error_die(tls); dbg("<< FINISHED\n"); /* application data can be sent/received */ @@ -1454,7 +1489,10 @@ int tls_main(int argc UNUSED_PARAM, char **argv) bb_perror_msg_and_die("select"); if (FD_ISSET(STDIN_FILENO, &testfds)) { - void *buf = tls_get_outbuf(tls, COMMON_BUFSIZE); + void *buf; + + dbg("STDIN HAS DATA\n"); + buf = tls_get_outbuf(tls, COMMON_BUFSIZE); nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE); if (nread < 1) { //&& errno != EAGAIN @@ -1466,196 +1504,14 @@ int tls_main(int argc UNUSED_PARAM, char **argv) tls_xwrite(tls, nread); } if (FD_ISSET(cfd, &testfds)) { + dbg("NETWORK HAS DATA\n"); nread = xread_tls_block(tls); if (nread < 1) //if eof, just close stdout, but not exit! return EXIT_SUCCESS; - xwrite(STDOUT_FILENO, tls->inbuf + 5, nread); + xwrite(STDOUT_FILENO, tls->inbuf + RECHDR_LEN, nread); } } return EXIT_SUCCESS; } -/* Unencryped SHA256 example: - * s_client says: - -write to 0x1d750b0 [0x1e6f153] (99 bytes => 99 (0x63)) -0000 - 16 03 01 005e 01 00005a 0303 [4d ef 5c 82 3e ....^...Z..M.\.> >> ClHello -0010 - bf a6 ee f1 1e 04 d1 5c-99 20 86 13 e9 0a cf 58 .......\. .....X -0020 - 75 b1 bd 7a e6 d6 44 f3-d3 a1 52] 00 0004 003b u..z..D...R....; 003b = TLS_RSA_WITH_NULL_SHA256 -0030 - 00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV - 0100 compr=none - 002d, 0023 0000, 000d 0020 [00 1e .....-.#..... .. extlen, SessionTicketTLS 0 bytes, SignatureAlgorithms 32 bytes -0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 ................ -0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03] 000f ................ Heart Beat 1 byte -0060 - 0001 01 ... - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 16 03 03 00 3a ....: -read from 0x1d750b0 [0x1e6ac08] (58 bytes => 58 (0x3A)) -0000 - 02 000036 0303 [f2 61-ae c8 58 e3 51 42 32 93 ...6...a..X.QB2. << SvHello -0010 - c5 62 e4 f5 06 93 81 65-aa f7 df 74 af 7c 98 b4 .b.....e...t.|.. -0020 - 3e a7 35 c3 25 69] 00,003b,00.................. >.5.%i..;....... - no session id! "The server - may return an empty session_id to indicate that the session will - not be cached and therefore cannot be resumed." - 003b = TLS_RSA_WITH_NULL_SHA256 accepted, 00 - no compr - 000e ff01 0001 extlen, 0xff01=RenegotiationInfo 1 byte -0030 - 00, 0023 0000, SessionTicketTLS 0 bytes - 000f 0001 01 ..#....... Heart Beat 1 byte - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 16 03 03 04 0b ..... -read from 0x1d750b0 [0x1e6ac08] (1035 bytes => 1035 (0x40B)) -0000 - 0b 00 04 07 00 04 04 00-04 01 30 82 03 fd 30 82 ..........0...0. << Cert -0010 - 02 65 a0 03 02 01 02 02-09 00 d9 d9 8d b8 94 ad .e.............. -0020 - 2e 2b 30 0d 06 09 2a 86-48 86 f7 0d 01 01 0b 05 .+0...*.H....... -0030 - 00 30 14 31 12 30 10 06-03 55 04 03 0c 09 6c 6f .0.1.0...U....lo -0040 - 63 61 6c 68 6f 73 74 30-20 17 0d 31 37 30 31 31 calhost0 ..17011 -..."......."......."......."......."......."......."......."......."..... -03f0 - 11 8a cd c5 a3 0a 22 43-d5 13 f9 a5 8a 06 f9 00 ......"C........ -0400 - 3c f7 86 4e e8 a5 d8 5b-92 37 f5 <..N...[.7. -depth=0 CN = localhost -verify error:num=18:self signed certificate -verify return:1 -depth=0 CN = localhost -verify return:1 - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 16 03 03 00 04 ..... - -read from 0x1d750b0 [0x1e6ac08] (4 bytes => 4 (0x4)) << SvDone -0000 - 0e . -0004 - - -write to 0x1d750b0 [0x1e74620] (395 bytes => 395 (0x18B)) >> ClDone -0000 - 16 03 03 01 86 10 00 01-82 01 80 88 f0 87 5d b0 ..............]. -0010 - ea df 3b 4d e2 35 f3 99-e6 d4 29 87 36 86 ea 30 ..;M.5....).6..0 -0020 - 38 80 c7 37 66 7f 5b e7-23 38 7e 87 24 66 82 81 8..7f.[.#8~.$f.. -0030 - e4 ba 6c 2a 0c 92 a8 b9-39 c1 55 16 32 88 14 cd ..l*....9.U.2... -0040 - 95 8c 82 49 a1 c7 f9 9b-e5 8f f6 5e 7e ee 91 b3 ...I.......^~... -0050 - 2c 92 e7 a3 02 f8 9f 56-04 45 39 df a7 d6 1a 16 ,......V.E9..... -0060 - 67 5c a4 f8 87 8a c4 c8-6c 6f c6 f0 9b c9 b4 87 g\......lo...... -0070 - 36 43 c1 67 9f b3 aa 11-34 b0 c2 fc 1f d9 e1 ff 6C.g....4....... -0080 - fb e1 89 db 91 58 ec cc-aa 16 19 9a 91 74 e2 46 .....X.......t.F -0090 - 22 a7 a7 f7 9e 3c 97 82-2c e4 21 b3 fa ef ba 3f "....<..,.!....? -00a0 - 57 48 e4 b2 84 b7 c2 81-92 a9 f1 03 68 f4 e6 0c WH..........h... -00b0 - fd 54 87 f5 e9 a0 5d e6-5f 0e bd 80 86 27 ab 0e .T....]._....'.. -00c0 - cf 92 4f bd fc 24 b9 54-72 5f 58 df 6b 2b 1d 97 ..O..$.Tr_X.k+.. -00d0 - 00 60 fe 95 b0 aa d6 c7-c1 3a f9 2e 7c 92 a9 6d .`.......:..|..m -00e0 - 28 a3 ef 3e c1 e6 2d 2d-e8 db 81 ea 51 02 3f 64 (..>..--....Q.?d -00f0 - a8 66 14 c1 4b 17 1f 55-c6 5b 3b 38 c3 6a 61 a8 .f..K..U.[;8.ja. -0100 - f7 ad 65 7d cb 14 6d b3-0f 76 19 25 8e ed bd 53 ..e}..m..v.%...S -0110 - 35 a9 a1 34 00 9d 07 81-84 51 35 e0 83 83 e3 a6 5..4.....Q5..... -0120 - c7 77 4c 61 e4 78 9c cb-f5 92 4e d6 dd c4 c2 2b .wLa.x....N....+ -0130 - 75 9e 72 a6 7f 81 6a 1c-fc 4a 51 91 81 b4 cc 33 u.r...j..JQ....3 -0140 - 1c 8b 0a b6 94 8b 16 1b-86 2f 31 5e 31 e1 57 14 ........./1^1.W. -0150 - 2e b5 09 5d cf 6f ea b2-94 e9 5c cc b9 fc 24 a0 ...].o....\...$. -0160 - b7 f1 f4 9d 95 46 4f 08-5c 45 c6 2f 9f 7d 76 09 .....FO.\E./.}v. -0170 - 6a af 50 2c 89 76 82 5f-e8 34 d8 4b 84 b6 34 18 j.P,.v._.4.K..4. -0180 - 85 95 4a 3f 0f 28 88 3a-71 32 90 ..J?.(.:q2. - -write to 0x1d750b0 [0x1e74620] (6 bytes => 6 (0x6)) -0000 - 14 03 03 00 01 01 ...... >> CHANGE_CIPHER_SPEC - -write to 0x1d750b0 [0x1e74620] (53 bytes => 53 (0x35)) -0000 - 16 03 03 0030 14 00000c [ed b9 e1 33 36 0b 76 ....0.......36.v >> FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes] -0010 - c0 d1 d4 0b a3|73 ec a8-fa b5 cb 12 b6 4c 2a b1 .....s.......L*. -0020 - fb 42 7f 73 0d 06 1c 87-56 f0 db df e6 6a 25 aa .B.s....V....j%. -0030 - fc 42 38 cb 0b] .B8.. - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 16 03 03 00 aa ..... -read from 0x1d750b0 [0x1e6ac08] (170 bytes => 170 (0xAA)) -0000 - 04 00 00 a6 00 00 1c 20-00 a0 dd f4 52 01 54 8d ....... ....R.T. << NEW_SESSION_TICKET -0010 - f8 a6 f9 2d 7d 19 20 5b-14 44 d3 2d 7b f2 ca e8 ...-}. [.D.-{... -0020 - 01 4e 94 7b fe 12 59 3a-00 2e 7e cf 74 43 7a f7 .N.{..Y:..~.tCz. -0030 - 9e cc 70 80 70 7c e3 a5-c6 9d 85 2c 36 19 4c 5c ..p.p|.....,6.L\ -0040 - ba 3b c3 e5 69 dc f3 a4-47 38 11 c9 7d 1a b0 6e .;..i...G8..}..n -0050 - d8 49 a0 a8 e4 de 70 a8-d0 6b e4 7a b7 65 25 df .I....p..k.z.e%. -0060 - 1b 5f 64 0f 89 69 02 72-fe eb d3 7a af 51 78 0e ._d..i.r...z.Qx. -0070 - de 17 06 a5 f0 47 9d e0-04 d4 b1 1e be 7e ed bd .....G.......~.. -0080 - 27 8f 5d e8 ac f6 45 aa-e0 12 93 41 5f a8 4b b9 '.]...E....A_.K. -0090 - bd 43 8f a1 23 51 af 92-77 8f 38 23 3e 2e c2 f0 .C..#Q..w.8#>... -00a0 - a3 74 fa 83 94 ce 19 8a-5b 5b .t......[[ - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 14 03 03 00 01 ..... << CHANGE_CIPHER_SPEC -read from 0x1d750b0 [0x1e6ac08] (1 bytes => 1 (0x1)) -0000 - 01 . - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 16 03 03 00 30 ....0 -read from 0x1d750b0 [0x1e6ac08] (48 bytes => 48 (0x30)) -0000 - 14 00000c [06 86 0d 5c-92 0b 63 04 cc b4 f0 00 .......\..c..... << FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes] -0010 -|49 d6 dd 56 73 e3 d2 e8-22 d6 bd 61 b2 b3 af f0 I..Vs..."..a.... -0020 - f5 00 8a 80 82 04 33 a7-50 8e ae 3b 4c 8c cf 4a] ......3.P..;L..J ---- -Certificate chain - 0 s:/CN=localhost - i:/CN=localhost ---- -Server certificate ------BEGIN CERTIFICATE----- -..."......."......."......."......."......."......."......."......."..... ------END CERTIFICATE----- -subject=/CN=localhost -issuer=/CN=localhost ---- -No client certificate CA names sent ---- -SSL handshake has read 1346 bytes and written 553 bytes ---- -New, TLSv1/SSLv3, Cipher is NULL-SHA256 -Server public key is 3072 bit -Secure Renegotiation IS supported -Compression: NONE -Expansion: NONE -No ALPN negotiated -SSL-Session: - Protocol : TLSv1.2 - Cipher : NULL-SHA256 - Session-ID: 5D62B36950F3DEB571707CD1B815E9E275041B9DB70D7F3E25C4A6535B13B616 - Session-ID-ctx: - Master-Key: 4D08108C59417E0A41656636C51BA5B83F4EFFF9F4C860987B47B31250E5D1816D00940DBCCC196C2D99C8462C889DF1 - Key-Arg : None - Krb5 Principal: None - PSK identity: None - PSK identity hint: None - TLS session ticket lifetime hint: 7200 (seconds) - TLS session ticket: - 0000 - dd f4 52 01 54 8d f8 a6-f9 2d 7d 19 20 5b 14 44 ..R.T....-}. [.D - 0010 - d3 2d 7b f2 ca e8 01 4e-94 7b fe 12 59 3a 00 2e .-{....N.{..Y:.. - 0020 - 7e cf 74 43 7a f7 9e cc-70 80 70 7c e3 a5 c6 9d ~.tCz...p.p|.... - 0030 - 85 2c 36 19 4c 5c ba 3b-c3 e5 69 dc f3 a4 47 38 .,6.L\.;..i...G8 - 0040 - 11 c9 7d 1a b0 6e d8 49-a0 a8 e4 de 70 a8 d0 6b ..}..n.I....p..k - 0050 - e4 7a b7 65 25 df 1b 5f-64 0f 89 69 02 72 fe eb .z.e%.._d..i.r.. - 0060 - d3 7a af 51 78 0e de 17-06 a5 f0 47 9d e0 04 d4 .z.Qx......G.... - 0070 - b1 1e be 7e ed bd 27 8f-5d e8 ac f6 45 aa e0 12 ...~..'.]...E... - 0080 - 93 41 5f a8 4b b9 bd 43-8f a1 23 51 af 92 77 8f .A_.K..C..#Q..w. - 0090 - 38 23 3e 2e c2 f0 a3 74-fa 83 94 ce 19 8a 5b 5b 8#>....t......[[ - - Start Time: 1484574330 - Timeout : 7200 (sec) - Verify return code: 18 (self signed certificate) ---- -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 17 03 03 00 21 ....! -read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) -0000 - 0a 74 5b 50 02 13 75 a4-27 0a 40 b1 53 74 52 14 .t[P..u.'.@.StR. -0010 - e7 1e 6a 6c c1 60 2e 93-7e a5 d9 43 1d 8e f6 08 ..jl.`..~..C.... -0020 - 69 i - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 17 03 03 00 21 ....! -read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) -0000 - 0a 1b ce 44 98 4f 81 c5-28 7a cc 79 62 db d2 86 ...D.O..(z.yb... -0010 - 6a 55 a4 c7 73 49 ef 3e-bd 03 99 76 df 65 2a a1 jU..sI.>...v.e*. -0020 - b6 . - -read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5)) -0000 - 17 03 03 00 21 ....! -read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21)) -0000 - 0a 67 66 34 ba 68 36 3c-ad 0a c1 f5 c0 5a 50 fe .gf4.h6<.....ZP. -0010 - 68 cd 04 65 e9 de 6e 98-f9 e2 41 1e 0b 9b 84 06 h..e..n...A..... -0020 - 64 d -*/ diff --git a/networking/wget.c b/networking/wget.c index 5da6481c1..58ead4c96 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -472,7 +472,7 @@ static void parse_url(const char *src_url, struct host_info *h) // FYI: // "Real" wget 'http://busybox.net?var=a/b' sends this request: - // 'GET /?var=a/b HTTP 1.0' + // 'GET /?var=a/b HTTP/1.0' // and saves 'index.html?var=a%2Fb' (we save 'b') // wget 'http://busybox.net?login=john@doe': // request: 'GET /?login=john@doe HTTP/1.0'