get_url_actions(): Don't initialize actions when called the second time
diff --git
a/ssl.c
b/ssl.c
index
2f6dc51
..
fb3e9ef
100644
(file)
--- a/
ssl.c
+++ b/
ssl.c
@@
-6,7
+6,7
@@
* creating, using and closing TLS/SSL connections.
*
* Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
* creating, using and closing TLS/SSL connections.
*
* Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-20
19
by Fabian Keil <fk@fabiankeil.de>
+ * Copyright (C) 2018-20
20
by Fabian Keil <fk@fabiankeil.de>
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@
-229,6
+229,8
@@
extern int ssl_send_data(mbedtls_ssl_context *ssl, const unsigned char *buf, siz
send_len = (int)max_fragment_size;
}
send_len = (int)max_fragment_size;
}
+ log_error(LOG_LEVEL_WRITING, "TLS: %N", send_len, buf+pos);
+
/*
* Sending one part of the buffer
*/
/*
* Sending one part of the buffer
*/
@@
-302,6
+304,8
@@
extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ma
return -1;
}
return -1;
}
+ log_error(LOG_LEVEL_RECEIVED, "TLS: %N", ret, buf);
+
return ret;
}
return ret;
}
@@
-798,7
+802,7
@@
extern int create_server_ssl_connection(struct client_state *csp)
* Handshake with server
*/
log_error(LOG_LEVEL_CONNECT,
* Handshake with server
*/
log_error(LOG_LEVEL_CONNECT,
- "Performing the TLS/SSL handshake with server");
+ "Performing the TLS/SSL handshake with
the
server");
while ((ret = mbedtls_ssl_handshake(&(csp->mbedtls_server_attr.ssl))) != 0)
{
while ((ret = mbedtls_ssl_handshake(&(csp->mbedtls_server_attr.ssl))) != 0)
{
@@
-809,11
+813,17
@@
extern int create_server_ssl_connection(struct client_state *csp)
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
{
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
{
- log_error(LOG_LEVEL_ERROR,
- "Server certificate verification failed: %s", err_buf);
+ char reason[INVALID_CERT_INFO_BUF_SIZE];
+
csp->server_cert_verification_result =
mbedtls_ssl_get_verify_result(&(csp->mbedtls_server_attr.ssl));
csp->server_cert_verification_result =
mbedtls_ssl_get_verify_result(&(csp->mbedtls_server_attr.ssl));
+ mbedtls_x509_crt_verify_info(reason, sizeof(reason), "",
+ csp->server_cert_verification_result);
+ /* Log the reason without the trailing new line */
+ log_error(LOG_LEVEL_ERROR,
+ "The X509 certificate verification failed: %N",
+ strlen(reason)-1, reason);
ret = -1;
}
else
ret = -1;
}
else
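Review bot: The new log call at the end of this hunk trusts the contents of `reason` without checking what `mbedtls_x509_crt_verify_info()` actually produced: the buffer is never initialised, the return value (bytes written, or a negative error when the output is truncated) is discarded, and `strlen(reason)-1` wraps to SIZE_MAX if the buffer holds an empty string, which as far as I can tell is what happens when the verify flags are 0 and the function writes nothing. The length is also a `size_t` passed through varargs where `%N` takes an `int` (compare the `int` lengths used with `%N` in the `ssl_send_data`/`ssl_recv_data` hunks above), so it should be converted explicitly rather than relying on the ABI. Use the return value to decide whether there is a trailing newline to strip and fall back to the previous generic message otherwise; the rewrite below assumes `err_buf`, referenced by the removed line, is still in scope in the new code. The enclosing `create_server_ssl_connection()` body continues outside the hunk.
```c
            char reason[INVALID_CERT_INFO_BUF_SIZE];
            int reason_len;

            csp->server_cert_verification_result =
               mbedtls_ssl_get_verify_result(&(csp->mbedtls_server_attr.ssl));
            /*
             * mbedtls_x509_crt_verify_info() returns the number of bytes
             * written or a negative error; only strip the trailing new line
             * when it actually wrote a reason.
             */
            reason_len = mbedtls_x509_crt_verify_info(reason, sizeof(reason), "",
               csp->server_cert_verification_result);
            if (reason_len > 0)
            {
               log_error(LOG_LEVEL_ERROR,
                  "The X509 certificate verification failed: %N",
                  reason_len - 1, reason);
            }
            else
            {
               /* No usable reason text, fall back to the generic message */
               log_error(LOG_LEVEL_ERROR,
                  "The X509 certificate verification failed: %s", err_buf);
            }
            ret = -1;
```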
@@
-903,7
+913,7
@@
static void free_server_ssl_structures(struct client_state *csp)
* function, we change fd to -1, which is the same what does
* rest of mbedtls_net_free function.
*/
* function, we change fd to -1, which is the same what does
* rest of mbedtls_net_free function.
*/
- csp->mbedtls_
client
_attr.socket_fd.fd = -1;
+ csp->mbedtls_
server
_attr.socket_fd.fd = -1;
mbedtls_x509_crt_free(&(csp->mbedtls_server_attr.ca_cert));
mbedtls_ssl_free(&(csp->mbedtls_server_attr.ssl));
mbedtls_x509_crt_free(&(csp->mbedtls_server_attr.ca_cert));
mbedtls_ssl_free(&(csp->mbedtls_server_attr.ssl));
@@
-1542,7
+1552,7
@@
exit:
*
* Function : make_certs_path
*
*
* Function : make_certs_path
*
- * Description : Creates path to file from three pieces. This fuction
+ * Description : Creates path to file from three pieces. This fu
n
ction
* takes parameters and puts them in one new mallocated
* char * in correct order. Returned variable must be freed
* by caller. This function is mainly used for creating
* takes parameters and puts them in one new mallocated
* char * in correct order. Returned variable must be freed
* by caller. This function is mainly used for creating
@@
-1654,7
+1664,8
@@
static unsigned int get_certificate_mutex_id(struct client_state *csp) {
* Returns : Serial number for new certificate
*
*********************************************************************/
* Returns : Serial number for new certificate
*
*********************************************************************/
-static unsigned long get_certificate_serial(struct client_state *csp) {
+static unsigned long get_certificate_serial(struct client_state *csp)
+{
unsigned long exp = 1;
unsigned long serial = 0;
unsigned long exp = 1;
unsigned long serial = 0;