From 20c0bce50654b5dfa70d8cec4fed719b3cce65fb Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 25 Jun 2018 16:46:57 +0100 Subject: [PATCH] Only dump session data after we have received it s_client was dumping session data at the end of the handshake. In TLSv1.3 we don't have session data until receipt of a NewSessionTicket message which happens post-handshake. Therefore we delay dumping the session data until that message has arrived if TLSv1.3 has been negotiated. Fixes #6482 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6590) --- apps/s_client.c | 54 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 09f534033f..8f9ad9ddcf 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -844,15 +844,29 @@ static void freeandcopy(char **dest, const char *source) *dest = OPENSSL_strdup(source); } -static int new_session_cb(SSL *S, SSL_SESSION *sess) +static int new_session_cb(SSL *s, SSL_SESSION *sess) { - BIO *stmp = BIO_new_file(sess_out, "w"); - if (stmp == NULL) { - BIO_printf(bio_err, "Error writing session file %s\n", sess_out); - } else { - PEM_write_bio_SSL_SESSION(stmp, sess); - BIO_free(stmp); + if (sess_out != NULL) { + BIO *stmp = BIO_new_file(sess_out, "w"); + + if (stmp == NULL) { + BIO_printf(bio_err, "Error writing session file %s\n", sess_out); + } else { + PEM_write_bio_SSL_SESSION(stmp, sess); + BIO_free(stmp); + } + } + + /* + * Session data gets dumped on connection for TLSv1.2 and below, and on + * arrival of the NewSessionTicket for TLSv1.3. + */ + if (SSL_version(s) == TLS1_3_VERSION) { + BIO_printf(bio_c_out, + "---\nPost-Handshake New Session Ticket arrived:\n"); + SSL_SESSION_print(bio_c_out, sess); + BIO_printf(bio_c_out, "---\n"); } /* @@ -1919,11 +1933,9 @@ int s_client_main(int argc, char **argv) * come at any time. Therefore we use a callback to write out the session * when we know about it. This approach works for < TLSv1.3 as well. */ - if (sess_out != NULL) { - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); - SSL_CTX_sess_set_new_cb(ctx, new_session_cb); - } + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(ctx, new_session_cb); if (set_keylog_file(ctx, keylog_file)) goto end; @@ -3125,7 +3137,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) X509 *peer = NULL; STACK_OF(X509) *sk; const SSL_CIPHER *c; - int i; + int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); + long verify_result; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif @@ -3282,7 +3295,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif - if (SSL_version(s) == TLS1_3_VERSION) { + if (istls13) { switch (SSL_get_early_data_status(s)) { case SSL_EARLY_DATA_NOT_SENT: BIO_printf(bio, "Early data was not sent\n"); @@ -3297,9 +3310,20 @@ static void print_stuff(BIO *bio, SSL *s, int full) break; } + + /* + * We also print the verify results when we dump session information, + * but in TLSv1.3 we may not get that right away (or at all) depending + * on when we get a NewSessionTicket. Therefore we print it now as well. + */ + verify_result = SSL_get_verify_result(s); + BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result, + X509_verify_cert_error_string(verify_result)); + } else { + /* In TLSv1.3 we do this on arrival of a NewSessionTicket */ + SSL_SESSION_print(bio, SSL_get_session(s)); } - SSL_SESSION_print(bio, SSL_get_session(s)); if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); -- 2.25.1