get_url_actions(): Don't initialize actions when called the second time

[privoxy.git] / ssl.c

diff --git a/ssl.c b/ssl.c
index 2f6dc51..fb3e9ef 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -6,7 +6,7 @@
  *                creating, using and closing TLS/SSL connections.
  *
  * Copyright   :  Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
- *                Copyright (C) 2018-2019 by Fabian Keil <fk@fabiankeil.de>
+ *                Copyright (C) 2018-2020 by Fabian Keil <fk@fabiankeil.de>
  *
  *                This program is free software; you can redistribute it
  *                and/or modify it under the terms of the GNU General
@@ -229,6 +229,8 @@ extern int ssl_send_data(mbedtls_ssl_context *ssl, const unsigned char *buf, siz
          send_len = (int)max_fragment_size;
       }
 
+      log_error(LOG_LEVEL_WRITING, "TLS: %N", send_len, buf+pos);
+
       /*
        * Sending one part of the buffer
        */
@@ -302,6 +304,8 @@ extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ma
       return -1;
    }
 
+   log_error(LOG_LEVEL_RECEIVED, "TLS: %N", ret, buf);
+
    return ret;
 }
 
@@ -798,7 +802,7 @@ extern int create_server_ssl_connection(struct client_state *csp)
     * Handshake with server
     */
    log_error(LOG_LEVEL_CONNECT,
-      "Performing the TLS/SSL handshake with server");
+      "Performing the TLS/SSL handshake with the server");
 
    while ((ret = mbedtls_ssl_handshake(&(csp->mbedtls_server_attr.ssl))) != 0)
    {
@@ -809,11 +813,17 @@ extern int create_server_ssl_connection(struct client_state *csp)
 
          if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
          {
-            log_error(LOG_LEVEL_ERROR,
-               "Server certificate verification failed: %s", err_buf);
+            char reason[INVALID_CERT_INFO_BUF_SIZE];
+
             csp->server_cert_verification_result =
                mbedtls_ssl_get_verify_result(&(csp->mbedtls_server_attr.ssl));
+            mbedtls_x509_crt_verify_info(reason, sizeof(reason), "",
+               csp->server_cert_verification_result);
 
+            /* Log the reason without the trailing new line */
+            log_error(LOG_LEVEL_ERROR,
+               "The X509 certificate verification failed: %N",
+               strlen(reason)-1, reason);
             ret = -1;
          }
          else
@@ -903,7 +913,7 @@ static void free_server_ssl_structures(struct client_state *csp)
    * function, we change fd to -1, which is the same what does
    * rest of mbedtls_net_free function.
    */
-   csp->mbedtls_client_attr.socket_fd.fd = -1;
+   csp->mbedtls_server_attr.socket_fd.fd = -1;
 
    mbedtls_x509_crt_free(&(csp->mbedtls_server_attr.ca_cert));
    mbedtls_ssl_free(&(csp->mbedtls_server_attr.ssl));
@@ -1542,7 +1552,7 @@ exit:
  *
  * Function    :  make_certs_path
  *
- * Description : Creates path to file from three pieces. This fuction
+ * Description : Creates path to file from three pieces. This function
  *               takes parameters and puts them in one new mallocated
  *               char * in correct order. Returned variable must be freed
  *               by caller. This function is mainly used for creating
@@ -1654,7 +1664,8 @@ static unsigned int get_certificate_mutex_id(struct client_state *csp) {
  * Returns     :  Serial number for new certificate
  *
  *********************************************************************/
-static unsigned long  get_certificate_serial(struct client_state *csp) {
+static unsigned long get_certificate_serial(struct client_state *csp)
+{
    unsigned long exp    = 1;
    unsigned long serial = 0;