Debug logs for TLS alerts contain wrong messages #2806

Closed
djelinski opened this issue Jul 28, 2018 · 2 comments
@djelinski
Contributor

While examining debug output of #2801, I noticed that the debug output for TLS alerts is garbage. The output currently reads:

TLSv1.2 (IN), TLS alert, Client hello (1):

I expected the following:

TLSv1.2 (IN), TLS alert, warning / close notify (1/0)

curl/libcurl version

[curl -V output]
curl 7.60.0 (i386-pc-win32) libcurl/7.60.0 OpenSSL/1.1.0h (WinSSL) zlib/1.2.11 brotli/1.0.4 WinIDN libssh2/1.8.0 nghttp2/1.32.0
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz brotli TLS-SRP HTTP2 HTTPS-proxy MultiSSL

operating system

Windows 2008R2

@bagder bagder added the TLS label Jul 28, 2018
@bagder
Member

bagder commented Jul 29, 2018

Any suggestion on how to reproduce this?

@djelinski
Contributor Author

Gist of code used to reproduce:

curl_easy_setopt(curl, CURLOPT_URL, "https://s3.amazonaws.com");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, DebugCallback);
curl_easy_perform(curl);
Sleep(5950); // experimental, server seems to close connection after about this time
curl_easy_perform(curl);

Debug function:

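int DebugCallback(CURL *handle, curl_infotype type, char *data, size_t size, void *userptr)
{
  // skip CURLINFO_DATA_OUT and the SSL data types that follow it in the enum
  if(type >= CURLINFO_DATA_OUT) return 0;
  // data is not NUL-terminated, so copy exactly size bytes before printing
  printf("%s", std::string(data, data+size).c_str());
  return 0;
}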

It seems to me that the detailed messages are only valid for TLS handshake, for other message types they don't make sense.

@bagder bagder closed this as completed in aa2ad90 Aug 9, 2018
xquery pushed a commit to xquery/curl that referenced this issue Sep 3, 2018
falconindy pushed a commit to falconindy/curl that referenced this issue Sep 10, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Nov 7, 2018
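
An added example, not part of the original thread and not curl's code: it shows how a two-byte TLS alert body (level, description) produces the reported "Client hello (1)" when its first byte is looked up as a handshake message type, and how choosing the decoder by record content type gives the expected text. The function names `label_naive` and `label_by_type` are hypothetical, the alert bytes are constructed, and the numeric values are those of RFC 5246.

```c
#include <stdio.h>
#include <string.h>

/* TLS record content types (RFC 5246 section 6.2.1) */
enum { CT_ALERT = 21, CT_HANDSHAKE = 22 };

/* Handshake message types (RFC 5246 section 7.4), subset */
static const char *hs_name(int t) {
  switch(t) {
  case 1:  return "Client hello";
  case 2:  return "Server hello";
  default: return "unknown handshake";
  }
}

/* Alert descriptions (RFC 5246 section 7.2), subset */
static const char *alert_name(int d) {
  switch(d) {
  case 0:  return "close notify";
  case 40: return "handshake failure";
  default: return "unknown alert";
  }
}

/* Hypothetical mislabelling: byte 0 is treated as a handshake type for any record */
int label_naive(const unsigned char *msg, size_t len, char *out, size_t n) {
  if(len < 1) return -1;
  return snprintf(out, n, "%s (%d)", hs_name(msg[0]), msg[0]);
}

/* Hypothetical content-type aware labelling: an alert is level, then description */
int label_by_type(int ct, const unsigned char *msg, size_t len,
                  char *out, size_t n) {
  if(ct == CT_HANDSHAKE) return label_naive(msg, len, out, n);
  if(ct != CT_ALERT) return snprintf(out, n, "content type %d", ct);
  if(len < 2) return -1; /* truncated alert body */
  const char *lvl = msg[0] == 1 ? "warning" : msg[0] == 2 ? "fatal" : "unknown";
  return snprintf(out, n, "%s / %s (%d/%d)", lvl, alert_name(msg[1]), msg[0], msg[1]);
}

int main(void) {
  const unsigned char close_notify[] = { 1, 0 }; /* constructed alert body */
  char buf[64];
  label_naive(close_notify, sizeof close_notify, buf, sizeof buf);
  printf("naive: TLS alert, %s\n", buf);
  label_by_type(CT_ALERT, close_notify, sizeof close_notify, buf, sizeof buf);
  printf("typed: TLS alert, %s\n", buf);
  return 0;
}
```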