From 06df954366dced2ded3c846cc69588c0f6fe2566 Mon Sep 17 00:00:00 2001 From: Vasily Galkin Date: Wed, 12 Nov 2014 18:18:36 +0400 Subject: [PATCH 01/13] fix removing jobs for closed sockets from m_socketJobs (patch by Brian Vincent from synergy issue tracker #2866) --- src/lib/net/SocketMultiplexer.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/net/SocketMultiplexer.cpp b/src/lib/net/SocketMultiplexer.cpp index 53ac5bbe..5b5d23bb 100644 --- a/src/lib/net/SocketMultiplexer.cpp +++ b/src/lib/net/SocketMultiplexer.cpp @@ -243,6 +243,7 @@ SocketMultiplexer::serviceThread(void*) for (SocketJobMap::iterator i = m_socketJobMap.begin(); i != m_socketJobMap.end();) { if (*(i->second) == NULL) { + m_socketJobs.erase(i->second); m_socketJobMap.erase(i++); m_update = true; } From 9314e64ce35a8e46b20898d72cb9f99f01d811a7 Mon Sep 17 00:00:00 2001 From: Michael Wilson Date: Thu, 26 Feb 2015 00:27:57 -0500 Subject: [PATCH 02/13] Drag/drop enabling is configurable in the GUI. --- src/gui/res/ServerConfigDialogBase.ui | 21 ++++++++++++++------- src/gui/src/MainWindow.cpp | 4 +++- src/gui/src/ServerConfig.cpp | 3 +++ src/gui/src/ServerConfig.h | 3 +++ src/gui/src/ServerConfigDialog.cpp | 3 +++ 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/src/gui/res/ServerConfigDialogBase.ui b/src/gui/res/ServerConfigDialogBase.ui index 6d257ba2..cc44f66e 100644 --- a/src/gui/res/ServerConfigDialogBase.ui +++ b/src/gui/res/ServerConfigDialogBase.ui @@ -491,7 +491,21 @@ Double click on a screen to edit its settings. + + + + Ignore auto config clients + + + + + + Enable drag and drop file transfers + + + + Qt::Vertical @@ -504,13 +518,6 @@ Double click on a screen to edit its settings. - - - - Ignore auto config clients - - - diff --git a/src/gui/src/MainWindow.cpp b/src/gui/src/MainWindow.cpp index b5b0ce11..0c6a60a4 100644 --- a/src/gui/src/MainWindow.cpp +++ b/src/gui/src/MainWindow.cpp 
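Review bot: The added `m_socketJobs.erase(i->second)` in serviceThread must run before `m_socketJobMap.erase(i++)`, because it reads the list iterator stored in the map entry, and nothing in the hunk records that ordering. I would add a comment above it such as `// erase the list node first: i->second is gone once the map entry is erased`. If any other code keeps iterators into m_socketJobs (not visible here), this erase invalidates them, so confirm the loop runs under whatever lock guards that list. serviceThread starts and ends outside the hunk.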
@@ -442,7 +442,9 @@ void MainWindow::startSynergy() #ifndef Q_OS_LINUX - args << "--enable-drag-drop"; + if (m_ServerConfig.enableDragAndDrop()) { + args << "--enable-drag-drop"; + } #endif diff --git a/src/gui/src/ServerConfig.cpp b/src/gui/src/ServerConfig.cpp index 693e26b8..01b52d80 100644 --- a/src/gui/src/ServerConfig.cpp +++ b/src/gui/src/ServerConfig.cpp @@ -50,6 +50,7 @@ ServerConfig::ServerConfig(QSettings* settings, int numColumns, int numRows , m_NumRows(numRows), m_ServerName(serverName), m_IgnoreAutoConfigClient(false), + m_EnableDragAndDrop(false), m_pMainWindow(mainWindow) { Q_ASSERT(m_pSettings); @@ -114,6 +115,7 @@ void ServerConfig::saveSettings() settings().setValue("switchDoubleTap", switchDoubleTap()); settings().setValue("switchCornerSize", switchCornerSize()); settings().setValue("ignoreAutoConfigClient", ignoreAutoConfigClient()); + settings().setValue("enableDragAndDrop", enableDragAndDrop()); writeSettings(settings(), switchCorners(), "switchCorner"); @@ -157,6 +159,7 @@ void ServerConfig::loadSettings() setSwitchDoubleTap(settings().value("switchDoubleTap", 250).toInt()); setSwitchCornerSize(settings().value("switchCornerSize").toInt()); setIgnoreAutoConfigClient(settings().value("ignoreAutoConfigClient").toBool()); + setEnableDragAndDrop(settings().value("enableDragAndDrop", true).toBool()); readSettings(settings(), switchCorners(), "switchCorner", false, NumSwitchCorners); diff --git a/src/gui/src/ServerConfig.h b/src/gui/src/ServerConfig.h index 2a9d0646..b8cba139 100644 --- a/src/gui/src/ServerConfig.h +++ b/src/gui/src/ServerConfig.h @@ -61,6 +61,7 @@ class ServerConfig : public BaseConfig const QList& switchCorners() const { return m_SwitchCorners; } const HotkeyList& hotkeys() const { return m_Hotkeys; } bool ignoreAutoConfigClient() const { return m_IgnoreAutoConfigClient; } + bool enableDragAndDrop() const { return m_EnableDragAndDrop; } void saveSettings(); void loadSettings(); 
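Review bot: The two defaults for the new option disagree: the constructor hunk initialises `m_EnableDragAndDrop(false)`, while loadSettings reads `settings().value("enableDragAndDrop", true)`, so a missing key turns file transfer on. If the intent is to keep the previous always-on behaviour, initialise the member to `true` as well and say so in a comment; if the feature is meant to be opt-in, pass `false` as the settings default. As written, the value a fresh install gets depends on whether loadSettings runs before MainWindow::startSynergy reads `enableDragAndDrop()`, which these hunks do not show.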
@@ -88,6 +89,7 @@ class ServerConfig : public BaseConfig void setSwitchCorner(int c, bool on) { m_SwitchCorners[c] = on; } void setSwitchCornerSize(int val) { m_SwitchCornerSize = val; } void setIgnoreAutoConfigClient(bool on) { m_IgnoreAutoConfigClient = on; } + void setEnableDragAndDrop(bool on) { m_EnableDragAndDrop = on; } QList& switchCorners() { return m_SwitchCorners; } HotkeyList& hotkeys() { return m_Hotkeys; } @@ -119,6 +121,7 @@ class ServerConfig : public BaseConfig HotkeyList m_Hotkeys; QString m_ServerName; bool m_IgnoreAutoConfigClient; + bool m_EnableDragAndDrop; MainWindow* m_pMainWindow; }; diff --git a/src/gui/src/ServerConfigDialog.cpp b/src/gui/src/ServerConfigDialog.cpp index 33159c3a..af423ed3 100644 --- a/src/gui/src/ServerConfigDialog.cpp +++ b/src/gui/src/ServerConfigDialog.cpp @@ -56,6 +56,8 @@ ServerConfigDialog::ServerConfigDialog(QWidget* parent, ServerConfig& config, co m_pCheckBoxIgnoreAutoConfigClient->setChecked(serverConfig().ignoreAutoConfigClient()); + m_pCheckBoxEnableDragAndDrop->setChecked(serverConfig().enableDragAndDrop()); + foreach(const Hotkey& hotkey, serverConfig().hotkeys()) m_pListHotkeys->addItem(hotkey.text()); @@ -97,6 +99,7 @@ void ServerConfigDialog::accept() serverConfig().setSwitchCorner(BaseConfig::BottomRight, m_pCheckBoxCornerBottomRight->isChecked()); serverConfig().setSwitchCornerSize(m_pSpinBoxSwitchCornerSize->value()); serverConfig().setIgnoreAutoConfigClient(m_pCheckBoxIgnoreAutoConfigClient->isChecked()); + serverConfig().setEnableDragAndDrop(m_pCheckBoxEnableDragAndDrop->isChecked()); // now that the dialog has been accepted, copy the new server config to the original one, // which is a reference to the one in MainWindow. From 9b87ca38079faa41e740cf1483e45cec43d97665 Mon Sep 17 00:00:00 2001 
From: Tom Sparrow Date: Fri, 8 May 2015 00:48:04 +0100 Subject: [PATCH 03/13] Fix missing DLLs after install #3774 The CompanionFile attribute was causing the installer to be confused: Won't Overwrite; Won't patch; Existing file is unversioned but modified and hence not install a bunch of these DLLs in some cases. --- src/setup/win32/Product.wxs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/setup/win32/Product.wxs b/src/setup/win32/Product.wxs index c93b4db6..673c85aa 100644 --- a/src/setup/win32/Product.wxs +++ b/src/setup/win32/Product.wxs @@ -110,13 +110,13 @@ - - - - - + + + + + - + From f94e1e1660026ebc99526f4271d486d7b0476fbf Mon Sep 17 00:00:00 2001 From: Nick Bolton Date: Wed, 10 Jun 2015 07:04:58 -0700 Subject: [PATCH 04/13] Disabled intermittently failing unit test #4651 --- src/test/unittests/ipc/IpcLogOutputterTests.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/test/unittests/ipc/IpcLogOutputterTests.cpp b/src/test/unittests/ipc/IpcLogOutputterTests.cpp index d7258388..5583a0cb 100644 --- a/src/test/unittests/ipc/IpcLogOutputterTests.cpp +++ b/src/test/unittests/ipc/IpcLogOutputterTests.cpp @@ -100,6 +100,10 @@ TEST(IpcLogOutputterTests, write_underBufferMaxSize_allLinesAreSent) outputter.sendBuffer(); } +// HACK: temporarily disable this intermittently failing unit test. +// when the build machine is under heavy load, a race condition +// usually happens. +#if 0 TEST(IpcLogOutputterTests, write_overBufferRateLimit_lastLineTruncated) { MockIpcServer mockServer; @@ -129,6 +133,7 @@ TEST(IpcLogOutputterTests, write_overBufferRateLimit_lastLineTruncated) outputter.write(kNOTIFY, "mock 6"); outputter.sendBuffer(); } +#endif TEST(IpcLogOutputterTests, write_underBufferRateLimit_allLinesAreSent) { From 8366bb6247e1c6bd924e890f2162b5b73cda5a7a Mon Sep 17 00:00:00 2001 
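Review bot: Wrapping the test in `#if 0` removes it from compilation, so it can stop building unnoticed and the runner no longer reports it as skipped. Google Test's `DISABLED_` prefix keeps it compiled and counted: `TEST(IpcLogOutputterTests, DISABLED_write_overBufferRateLimit_lastLineTruncated)`. The HACK comment should also name the tracking issue from the commit subject (#4651) so the condition for re-enabling it can be found from the source.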
From: Adam Potolsky Date: Wed, 10 Jun 2015 10:20:59 -0700 Subject: [PATCH 05/13] Added OpenSSL version and location logging --- src/lib/plugin/ns/SecureSocket.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp index e3e88f06..11da4c48 100644 --- a/src/lib/plugin/ns/SecureSocket.cpp +++ b/src/lib/plugin/ns/SecureSocket.cpp @@ -240,6 +240,12 @@ SecureSocket::initContext(bool server) // load all error messages SSL_load_error_strings(); + LOG((CLOG_INFO "%s",SSLeay_version (SSLEAY_VERSION))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_CFLAGS))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_BUILT_ON))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_PLATFORM))); + LOG((CLOG_DEBUG2 "%s",SSLeay_version (SSLEAY_DIR))); + // SSLv23_method uses TLSv1, with the ability to fall back to SSLv3 if (server) { method = SSLv23_server_method(); From fa0dfa0ded25948f934cc6e74bcff2f3fc744ef3 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Wed, 10 Jun 2015 13:18:39 -0700 Subject: [PATCH 06/13] Added ability to query lib locations to windows builds --- src/lib/arch/IArchSystem.h | 7 +++++ src/lib/arch/win32/ArchSystemWindows.cpp | 39 ++++++++++++++++++++++++ src/lib/arch/win32/ArchSystemWindows.h | 1 + src/lib/plugin/ns/ns.cpp | 20 +++++++++++- 4 files changed, 66 insertions(+), 1 deletion(-) diff --git a/src/lib/arch/IArchSystem.h b/src/lib/arch/IArchSystem.h index 826f6e5f..8b508ac5 100644 --- a/src/lib/arch/IArchSystem.h +++ b/src/lib/arch/IArchSystem.h @@ -56,4 +56,11 @@ public: */ virtual void setting(const std::string& valueName, const std::string& valueString) const = 0; //@} + + //! Get the pathnames of the libraries used by Synergy + /* + Returns a string containing the full path names of all loaded libraries at the point it is called. + */ + virtual std::string getLibsUsed(void) const = 0; + //@} }; 
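Review bot: The lines added to initContext record which OpenSSL build is loaded but not which protocol a connection ends up using, and the context comment directly below says the SSLv23 methods can fall back to SSLv3. An operator checking for a downgrade needs the negotiated protocol; logging `SSL_get_version(ssl)` after the handshake (with `ssl` standing for the connection's handle) would provide it. If the rest of initContext, which lies outside the hunk, does not already do so, the context should also refuse the legacy protocols with `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)`, where `ctx` is a placeholder for the context object.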
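Review bot: The comment on `getLibsUsed` in IArchSystem.h does not describe the string format, yet the caller added in ns.cpp depends on it: helperGetLibsUsed takes the first line as the pid and each later line as one library. Document that contract on the interface, for example `First line is "pid:N"; each following line is one module path.` The block comment opens with `/*` where Doxygen needs `/*!`, and the added trailing `//@}` closes a group that the `//@}` just above it already closed.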
diff --git a/src/lib/arch/win32/ArchSystemWindows.cpp b/src/lib/arch/win32/ArchSystemWindows.cpp index b1853d9b..391726ec 100644 --- a/src/lib/arch/win32/ArchSystemWindows.cpp +++ b/src/lib/arch/win32/ArchSystemWindows.cpp @@ -23,6 +23,9 @@ #include "tchar.h" #include +#include +#include + static const char* s_settingsKeyNames[] = { _T("SOFTWARE"), _T("Synergy"), @@ -152,3 +155,39 @@ ArchSystemWindows::isWOW64() const #endif return false; } +#pragma comment(lib, "psapi") + +std::string +ArchSystemWindows::getLibsUsed(void) const +{ + HMODULE hMods[1024]; + HANDLE hProcess; + DWORD cbNeeded; + unsigned int i; + char hex[16]; + + DWORD pid = GetCurrentProcessId(); + + std::string msg = "pid:" + std::to_string((_ULonglong)pid) + "\n"; + + hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); + + if (NULL == hProcess) { + return msg; + } + + if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) { + for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) { + TCHAR szModName[MAX_PATH]; + if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) { + sprintf(hex,"(0x%08X)",hMods[i]); + msg += szModName; + msg.append(hex); + msg.append("\n"); + } + } + } + + CloseHandle(hProcess); + return msg; +} diff --git a/src/lib/arch/win32/ArchSystemWindows.h b/src/lib/arch/win32/ArchSystemWindows.h index a7e237a5..c747f28f 100644 --- a/src/lib/arch/win32/ArchSystemWindows.h +++ b/src/lib/arch/win32/ArchSystemWindows.h @@ -33,6 +33,7 @@ public: virtual std::string getPlatformName() const; virtual std::string setting(const std::string& valueName) const; virtual void setting(const std::string& valueName, const std::string& valueString) const; + virtual std::string getLibsUsed(void) const; bool isWOW64() const; }; diff --git a/src/lib/plugin/ns/ns.cpp b/src/lib/plugin/ns/ns.cpp index b2d8823d..114023c5 100644 --- a/src/lib/plugin/ns/ns.cpp +++ b/src/lib/plugin/ns/ns.cpp 
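Review bot: In `ArchSystemWindows::getLibsUsed` the loop bound `cbNeeded / sizeof(HMODULE)` can exceed the 1024-entry `hMods` array, because EnumProcessModules reports the size needed for all modules even when the supplied buffer was too small; clamp it with `DWORD count = min(cbNeeded, (DWORD)sizeof(hMods)) / sizeof(HMODULE);`. `sprintf(hex,"(0x%08X)",hMods[i])` passes a pointer-sized HMODULE to `%X`, which is a format mismatch on 64-bit builds; a bounded call with `%p` and a larger buffer is safer: `char hex[32];` and `sprintf_s(hex, sizeof(hex), "(0x%p)", (void*)hMods[i]);`. Because the result is written to the log, it also puts module paths and load addresses into files that users may attach to bug reports, which is worth stating in a comment on the function.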
@@ -23,6 +23,9 @@ #include "base/Log.h" #include +#include +#include +#include const char * kSynergyVers = VERSION; SecureSocket* g_secureSocket = NULL; @@ -30,8 +33,21 @@ SecureListenSocket* g_secureListenSocket = NULL; Arch* g_arch = NULL; Log* g_log = NULL; -extern "C" { +std::string +helperGetLibsUsed(void) +{ + std::stringstream libs(ARCH->getLibsUsed()); + std::string msg; + std::string pid; + std::getline(libs,pid); + while( std::getline(libs,msg) ) { + LOG(( CLOG_DEBUG "libs:%s",msg.c_str())); + } + return pid; +} + +extern "C" { void init(void* log, void* arch) { @@ -42,6 +58,8 @@ init(void* log, void* arch) if (g_arch == NULL) { Arch::setInstance(reinterpret_cast(arch)); } + + LOG(( CLOG_DEBUG "%s",helperGetLibsUsed().c_str())); } int From bfd0a45d5913b62776812aecd947f72ff8217132 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Wed, 10 Jun 2015 13:25:20 -0700 Subject: [PATCH 07/13] Added version string to plugin and added to plugin loaded message --- src/lib/arch/win32/ArchPluginWindows.cpp | 7 ++++++- src/lib/plugin/ns/ns.cpp | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/lib/arch/win32/ArchPluginWindows.cpp b/src/lib/arch/win32/ArchPluginWindows.cpp index ce814cf5..1f560e06 100644 --- a/src/lib/arch/win32/ArchPluginWindows.cpp +++ b/src/lib/arch/win32/ArchPluginWindows.cpp @@ -69,7 +69,12 @@ ArchPluginWindows::load() String filename = synergy::string::removeFileExt(*it); m_pluginTable.insert(std::make_pair(filename, lib)); - LOG((CLOG_DEBUG "loaded plugin: %s", (*it).c_str())); + char * version = (char*)invoke( filename.c_str(),"version",NULL); + if (version == NULL) { + version = "Pre-1.7.4"; + } + + LOG((CLOG_DEBUG "loaded plugin: %s (%s)", (*it).c_str(),version)); } } diff --git a/src/lib/plugin/ns/ns.cpp b/src/lib/plugin/ns/ns.cpp index f34e7faa..b2d8823d 100644 --- a/src/lib/plugin/ns/ns.cpp +++ b/src/lib/plugin/ns/ns.cpp 
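Review bot: `helperGetLibsUsed` in ns.cpp is defined at namespace scope with external linkage, so the plugin exports a symbol that nothing outside this file needs; mark it `static` or place it in an anonymous namespace. It also does two things under one name, logging every library line and returning the pid line, and there is no comment to say so. A one-line comment such as `// logs each loaded library at DEBUG and returns the leading "pid:N" line` would make the call in init readable.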
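Review bot: In ArchPluginWindows::load, `version` is declared `char *` and then assigned the literal `"Pre-1.7.4"`, which relies on the deprecated literal-to-`char*` conversion; declare it as `const char* version = static_cast<const char*>(invoke(filename.c_str(), "version", NULL));`. The pointer returned by the plugin goes straight to `%s`, so the loader assumes every plugin returns either NULL or a NUL-terminated string for the "version" command, including older plugins that do not know it. That assumption deserves a comment next to the call. load starts and ends outside the hunk.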
@@ -24,6 +24,7 @@ #include +const char * kSynergyVers = VERSION; SecureSocket* g_secureSocket = NULL; SecureListenSocket* g_secureListenSocket = NULL; Arch* g_arch = NULL; @@ -86,6 +87,9 @@ invoke(const char* command, void** args) g_secureListenSocket = NULL; } } + else if(strcmp(command, "version") == 0) { + return (void*) kSynergyVers; + } return NULL; } From 3942dc6ee823c30eabbacaac2557aa7778261096 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Thu, 11 Jun 2015 10:00:45 -0700 Subject: [PATCH 08/13] Added stub code for linux/mac builds to match the functional ARCH code for discovering libraris in use #4793 --- src/lib/arch/unix/ArchSystemUnix.cpp | 6 ++++++ src/lib/arch/unix/ArchSystemUnix.h | 2 ++ src/lib/plugin/ns/ns.cpp | 4 ++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/lib/arch/unix/ArchSystemUnix.cpp b/src/lib/arch/unix/ArchSystemUnix.cpp index 9e554662..112e15cb 100644 --- a/src/lib/arch/unix/ArchSystemUnix.cpp +++ b/src/lib/arch/unix/ArchSystemUnix.cpp @@ -74,3 +74,9 @@ void ArchSystemUnix::setting(const std::string&, const std::string&) const { } + +std::string +ArchSystemUnix::getLibsUsed(void) const +{ + return "not implmented.\nuse lsof on shell"; +} diff --git a/src/lib/arch/unix/ArchSystemUnix.h b/src/lib/arch/unix/ArchSystemUnix.h index b9f3705f..acacaa98 100644 --- a/src/lib/arch/unix/ArchSystemUnix.h +++ b/src/lib/arch/unix/ArchSystemUnix.h @@ -33,4 +33,6 @@ public: virtual std::string getPlatformName() const; virtual std::string setting(const std::string&) const; virtual void setting(const std::string&, const std::string&) const; + virtual std::string getLibsUsed(void) const; + }; diff --git a/src/lib/plugin/ns/ns.cpp b/src/lib/plugin/ns/ns.cpp index 114023c5..fd688787 100644 --- a/src/lib/plugin/ns/ns.cpp +++ b/src/lib/plugin/ns/ns.cpp 
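Review bot: `const char * kSynergyVers = VERSION;` declares a mutable global pointer with external linkage, and `return (void*) kSynergyVers;` drops the const through a C-style cast. Assuming VERSION expands to a string literal, `static const char kSynergyVers[] = VERSION;` keeps the string file-local and immutable, and `return const_cast<char*>(kSynergyVers);` makes the const removal explicit. A comment on the new "version" branch should state that callers must treat the returned pointer as a read-only string owned by the plugin. invoke starts and ends outside the hunk.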
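Review bot: The stub `ArchSystemUnix::getLibsUsed` returns text that does not follow the format its caller parses: helperGetLibsUsed in ns.cpp treats the first line as the pid, so on Unix the log will read `library use: not implmented.` followed by `libs:use lsof on shell`. Returning a first line in the same `pid:N` form as the Windows implementation, with the explanation on the following line, would keep the output consistent across platforms. The message also misspells "implemented".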
@@ -59,7 +59,7 @@ init(void* log, void* arch) Arch::setInstance(reinterpret_cast(arch)); } - LOG(( CLOG_DEBUG "%s",helperGetLibsUsed().c_str())); + LOG(( CLOG_DEBUG "library use: %s",helperGetLibsUsed().c_str())); } int @@ -124,4 +124,4 @@ cleanup() } } -} \ No newline at end of file +} From 5696497bc0835106c2df9a9a9de1bbd75821d885 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Thu, 11 Jun 2015 17:40:26 -0700 Subject: [PATCH 09/13] Added code to throw an error if the plugin can't be deleted or written to #4696 --- src/gui/src/PluginManager.cpp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/gui/src/PluginManager.cpp b/src/gui/src/PluginManager.cpp index a30d0056..31ec2858 100644 --- a/src/gui/src/PluginManager.cpp +++ b/src/gui/src/PluginManager.cpp @@ -115,7 +115,14 @@ void PluginManager::copyPlugins() QFile newFile(newName); if(newFile.exists()) { // If it does, delete it. TODO: Check to see if same and leave - newFile.remove(); + bool result = newFile.remove(); + if( !result ) { + emit error( + tr( "Unable to delete plugin:\n%1\n" + "Please stop synergy and run the wizard again.") + .arg(newName)); + return; + } } // make a copy of the plugin in the new location #if defined(Q_OS_WIN) @@ -125,10 +132,12 @@ void PluginManager::copyPlugins() #endif if ( !result ) { emit error( - tr("Failed to copy plugin '%1' to: %2\n%3") + tr("Failed to copy plugin '%1' to: %2\n%3\n" + "Please stop synergy and run the wizard again.") .arg(m_FileSysPluginList.at(i)) .arg(newName) .arg(file.errorString())); + return; } else { emit info( From 72060e59b473b6c1a95042afa68d2f23b99315ef Mon Sep 17 00:00:00 2001 From: "Jerry (Xinyu Hou)" Date: Fri, 12 Jun 2015 11:18:29 -0700 Subject: [PATCH 10/13] Fixed send clipboard thread time issue #4749 --- src/lib/client/Client.cpp | 1 + src/lib/server/Server.cpp | 2 ++ 2 files changed, 3 insertions(+) diff --git a/src/lib/client/Client.cpp b/src/lib/client/Client.cpp index 52258d69..ad586809 100644 
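Review bot: The new delete-failure message in PluginManager::copyPlugins omits the reason, while the copy-failure message in the next hunk includes `file.errorString()`; adding a `%2` placeholder and `.arg(newFile.errorString())` would tell the user whether the file is locked or access was denied. Both hunks now `return` from inside the loop, which skips whatever follows it; if a completion signal is emitted there (not visible here), confirm the receiver of `error` also ends the wizard's waiting state. `bool result` is used once and could be folded into `if (!newFile.remove())`. copyPlugins starts and ends outside the hunks.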
--- a/src/lib/client/Client.cpp +++ b/src/lib/client/Client.cpp @@ -273,6 +273,7 @@ Client::leave() if (m_sendClipboardThread != NULL) { StreamChunker::interruptClipboard(); + m_sendClipboardThread->wait(); m_sendClipboardThread = NULL; } diff --git a/src/lib/server/Server.cpp b/src/lib/server/Server.cpp index 4420b2dd..1f04489c 100644 --- a/src/lib/server/Server.cpp +++ b/src/lib/server/Server.cpp @@ -509,6 +509,8 @@ Server::switchScreen(BaseClientProxy* dst, // clipboard data could be corrupted on the other side if (m_sendClipboardThread != NULL) { StreamChunker::interruptClipboard(); + m_sendClipboardThread->wait(); + m_sendClipboardThread = NULL; } // send the clipboard data to new active screen From 4b0dec69bf4511e381447707589a479ca04e4eba Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Fri, 12 Jun 2015 14:33:28 -0700 Subject: [PATCH 11/13] Added additional SSL logging abotu connection information as well as client and server cipher availability #4793 --- src/lib/plugin/ns/SecureSocket.cpp | 101 +++++++++++++++++++++++------ src/lib/plugin/ns/SecureSocket.h | 4 ++ 2 files changed, 84 insertions(+), 21 deletions(-) diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp index 11da4c48..799f27de 100644 --- a/src/lib/plugin/ns/SecureSocket.cpp +++ b/src/lib/plugin/ns/SecureSocket.cpp @@ -42,6 +42,10 @@ enum { kMaxRetryCount = 100000 }; +enum { + kMsgSize = 128 +}; + static const char kFingerprintDirName[] = "SSL/Fingerprints"; //static const char kFingerprintLocalFilename[] = "Local.txt"; static const char kFingerprintTrustedServersFilename[] = "TrustedServers.txt"; 
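Review bot: `m_sendClipboardThread->wait()` in Client::leave is called without a timeout, so if the clipboard sender does not react promptly to `StreamChunker::interruptClipboard()` (for example while blocked in a socket write), the caller stalls with it; the same call is added in Server::switchScreen. If the Thread class offers a timed wait, which cannot be seen from this patch, pass a bound and log when it expires. Both sites then set the pointer to NULL with no visible `delete`, so check who owns the Thread object. Both functions start and end outside their hunks.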
@@ -240,11 +244,9 @@ SecureSocket::initContext(bool server) // load all error messages SSL_load_error_strings(); - LOG((CLOG_INFO "%s",SSLeay_version (SSLEAY_VERSION))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_CFLAGS))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_BUILT_ON))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_PLATFORM))); - LOG((CLOG_DEBUG2 "%s",SSLeay_version (SSLEAY_DIR))); + if (CLOG->getFilter() >= kINFO) { + showSecureLibInfo(); + } // SSLv23_method uses TLSv1, with the ability to fall back to SSLv3 if (server) { @@ -304,14 +306,8 @@ SecureSocket::secureAccept(int socket) if (retry == 0) { m_secureReady = true; LOG((CLOG_INFO "accepted secure socket")); - const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); - if(cipher != NULL) { - char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); - if(cipherVersion != NULL) { - LOG((CLOG_INFO "%s", cipherVersion)); - OPENSSL_free(cipherVersion); - } - } + showSecureCipherInfo(); + showSecureConnectInfo(); return 1; } @@ -369,14 +365,8 @@ SecureSocket::secureConnect(int socket) return -1; // Fingerprint failed, error } LOG((CLOG_DEBUG2 "connected secure socket")); - const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); - if(cipher != NULL) { - char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); - if(cipherVersion != NULL) { - LOG((CLOG_INFO "%s", cipherVersion)); - OPENSSL_free(cipherVersion); - } - } + showSecureCipherInfo(); + showSecureConnectInfo(); return 1; } 
@@ -626,3 +616,72 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job, // If status < 0, error happened return NULL; } + +void +showCipherStackDesc(STACK_OF(SSL_CIPHER) * stack) { + char msg[kMsgSize]; + int i = 0; + for ( ; i < sk_SSL_CIPHER_num(stack) ; i++) { + const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(stack,i); + + SSL_CIPHER_description(cipher, msg, kMsgSize); + + // Why does SSL put a newline in the description? + int pos = (int)strlen(msg) - 1; + if (msg[pos] == '\n') { + msg[pos] = '\0'; + } + + LOG((CLOG_DEBUG1 "%s",msg)); + } +} + +void +SecureSocket::showSecureCipherInfo() +{ + STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl); + int i = 0; + if (sStack == NULL) { + LOG((CLOG_WARN "No ciphers available on server")); + } + else { + LOG((CLOG_DEBUG1 "Ciphers available on server:")); + showCipherStackDesc(sStack); + } + + // m_ssl->m_ssl->session->ciphers is not forward compatable, In future release + // of OpenSSL, it's not visible, need to use SSL_get_client_ciphers() instead + STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers; + if (cStack == NULL) { + LOG((CLOG_WARN "No ciphers available from client")); + } + else { + LOG((CLOG_DEBUG1 "Ciphers available on client:")); + showCipherStackDesc(cStack); + } + return; +} + +void +SecureSocket::showSecureLibInfo() +{ + LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_CFLAGS))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_BUILT_ON))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_PLATFORM))); + LOG((CLOG_DEBUG2 "%s",SSLeay_version(SSLEAY_DIR))); + return; +} + +void +SecureSocket::showSecureConnectInfo() +{ + const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); + + if (cipher != NULL) { + char msg[kMsgSize]; + SSL_CIPHER_description(cipher, msg, kMsgSize); + LOG((CLOG_INFO "%s", msg)); + } + return; +} 
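Review bot: In `showCipherStackDesc` the result of `SSL_CIPHER_description` is ignored and `msg` is never initialised, so a failed call leaves `strlen(msg)` reading an indeterminate buffer, and an empty description makes `pos` -1 and `msg[pos]` an out-of-bounds read. Guard both with `if (SSL_CIPHER_description(cipher, msg, kMsgSize) != msg) continue;` and `size_t len = strlen(msg); if (len > 0 && msg[len - 1] == '\n') msg[len - 1] = '\0';`. `showSecureConnectInfo` makes the same unchecked call and logs the description with its trailing newline. The helper should also be `static`, since only this file uses it. The identical hunk in PATCH 12/13 has the same issues.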
diff --git a/src/lib/plugin/ns/SecureSocket.h b/src/lib/plugin/ns/SecureSocket.h index e1906991..0c0f3b10 100644 --- a/src/lib/plugin/ns/SecureSocket.h +++ b/src/lib/plugin/ns/SecureSocket.h @@ -79,6 +79,10 @@ private: serviceAccept(ISocketMultiplexerJob*, bool, bool, bool); + void showSecureConnectInfo(); + void showSecureLibInfo(); + void showSecureCipherInfo(); + private: Ssl* m_ssl; bool m_secureReady; From 16a2815504a8f5cb0d26f2f00579a239864f3e88 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Fri, 12 Jun 2015 14:40:15 -0700 Subject: [PATCH 12/13] Added additional SSL logging abotu connection information as well as client and server cipher availability #4793 --- src/lib/plugin/ns/SecureSocket.cpp | 101 +++++++++++++++++++++++------ src/lib/plugin/ns/SecureSocket.h | 4 ++ 2 files changed, 84 insertions(+), 21 deletions(-) diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp index 11da4c48..5ba66ad2 100644 --- a/src/lib/plugin/ns/SecureSocket.cpp +++ b/src/lib/plugin/ns/SecureSocket.cpp @@ -42,6 +42,10 @@ enum { kMaxRetryCount = 100000 }; +enum { + kMsgSize = 128 +}; + static const char kFingerprintDirName[] = "SSL/Fingerprints"; //static const char kFingerprintLocalFilename[] = "Local.txt"; static const char kFingerprintTrustedServersFilename[] = "TrustedServers.txt"; @@ -240,11 +244,9 @@ SecureSocket::initContext(bool server) // load all error messages SSL_load_error_strings(); - LOG((CLOG_INFO "%s",SSLeay_version (SSLEAY_VERSION))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_CFLAGS))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_BUILT_ON))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_PLATFORM))); - LOG((CLOG_DEBUG2 "%s",SSLeay_version (SSLEAY_DIR))); + if (CLOG->getFilter() >= kINFO) { + showSecureLibInfo(); + } // SSLv23_method uses TLSv1, with the ability to fall back to SSLv3 if (server) { 
@@ -304,14 +306,8 @@ SecureSocket::secureAccept(int socket) if (retry == 0) { m_secureReady = true; LOG((CLOG_INFO "accepted secure socket")); - const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); - if(cipher != NULL) { - char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); - if(cipherVersion != NULL) { - LOG((CLOG_INFO "%s", cipherVersion)); - OPENSSL_free(cipherVersion); - } - } + showSecureCipherInfo(); + showSecureConnectInfo(); return 1; } @@ -369,14 +365,8 @@ SecureSocket::secureConnect(int socket) return -1; // Fingerprint failed, error } LOG((CLOG_DEBUG2 "connected secure socket")); - const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); - if(cipher != NULL) { - char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0); - if(cipherVersion != NULL) { - LOG((CLOG_INFO "%s", cipherVersion)); - OPENSSL_free(cipherVersion); - } - } + showSecureCipherInfo(); + showSecureConnectInfo(); return 1; } 
@@ -626,3 +616,72 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job, // If status < 0, error happened return NULL; } + +void +showCipherStackDesc(STACK_OF(SSL_CIPHER) * stack) { + char msg[kMsgSize]; + int i = 0; + for ( ; i < sk_SSL_CIPHER_num(stack) ; i++) { + const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(stack,i); + + SSL_CIPHER_description(cipher, msg, kMsgSize); + + // Why does SSL put a newline in the description? + int pos = (int)strlen(msg) - 1; + if (msg[pos] == '\n') { + msg[pos] = '\0'; + } + + LOG((CLOG_DEBUG1 "%s",msg)); + } +} + +void +SecureSocket::showSecureCipherInfo() +{ + STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl); + + if (sStack == NULL) { + LOG((CLOG_WARN "No ciphers available on server")); + } + else { + LOG((CLOG_DEBUG1 "Ciphers available on server:")); + showCipherStackDesc(sStack); + } + + // m_ssl->m_ssl->session->ciphers is not forward compatable, In future release + // of OpenSSL, it's not visible, need to use SSL_get_client_ciphers() instead + STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers; + if (cStack == NULL) { + LOG((CLOG_WARN "No ciphers available from client")); + } + else { + LOG((CLOG_DEBUG1 "Ciphers available on client:")); + showCipherStackDesc(cStack); + } + return; +} + +void +SecureSocket::showSecureLibInfo() +{ + LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_CFLAGS))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_BUILT_ON))); + LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_PLATFORM))); + LOG((CLOG_DEBUG2 "%s",SSLeay_version(SSLEAY_DIR))); + return; +} + +void +SecureSocket::showSecureConnectInfo() +{ + const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl); + + if (cipher != NULL) { + char msg[kMsgSize]; + SSL_CIPHER_description(cipher, msg, kMsgSize); + LOG((CLOG_INFO "%s", msg)); + } + return; +} 
diff --git a/src/lib/plugin/ns/SecureSocket.h b/src/lib/plugin/ns/SecureSocket.h index e1906991..0c0f3b10 100644 --- a/src/lib/plugin/ns/SecureSocket.h +++ b/src/lib/plugin/ns/SecureSocket.h @@ -79,6 +79,10 @@ private: serviceAccept(ISocketMultiplexerJob*, bool, bool, bool); + void showSecureConnectInfo(); + void showSecureLibInfo(); + void showSecureCipherInfo(); + private: Ssl* m_ssl; bool m_secureReady; From afb0e2a2ea80dffff87c54177a0f658c69a13433 Mon Sep 17 00:00:00 2001 From: Adam Potolsky Date: Fri, 12 Jun 2015 15:07:53 -0700 Subject: [PATCH 13/13] Added log level protection, changed log levels for some logging #4793 --- src/lib/plugin/ns/SecureSocket.cpp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/lib/plugin/ns/SecureSocket.cpp b/src/lib/plugin/ns/SecureSocket.cpp index 5ba66ad2..639220ed 100644 --- a/src/lib/plugin/ns/SecureSocket.cpp +++ b/src/lib/plugin/ns/SecureSocket.cpp @@ -306,7 +306,9 @@ SecureSocket::secureAccept(int socket) if (retry == 0) { m_secureReady = true; LOG((CLOG_INFO "accepted secure socket")); - showSecureCipherInfo(); + if (CLOG->getFilter() >= kDEBUG1) { + showSecureCipherInfo(); + } showSecureConnectInfo(); return 1; } @@ -365,7 +367,9 @@ SecureSocket::secureConnect(int socket) return -1; // Fingerprint failed, error } LOG((CLOG_DEBUG2 "connected secure socket")); - showSecureCipherInfo(); + if (CLOG->getFilter() >= kDEBUG1) { + showSecureCipherInfo(); + } showSecureConnectInfo(); return 1; } @@ -642,10 +646,10 @@ SecureSocket::showSecureCipherInfo() STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl); if (sStack == NULL) { - LOG((CLOG_WARN "No ciphers available on server")); + LOG((CLOG_DEBUG1 "local cipher list not available")); } else { - LOG((CLOG_DEBUG1 "Ciphers available on server:")); + LOG((CLOG_DEBUG1 "available local ciphers:")); showCipherStackDesc(sStack); } 
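Review bot: The `CLOG->getFilter() >= kDEBUG1` guard is repeated at both call sites (secureAccept here and secureConnect in the next hunk) instead of sitting once at the top of `showSecureCipherInfo`, so a future caller can forget it and walk both cipher stacks for output that is then filtered away. Moving the check into the function as `if (CLOG->getFilter() < kDEBUG1) return;` keeps the cost and the policy in one place. Both calling functions start and end outside their hunks.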
@@ -653,10 +657,10 @@ SecureSocket::showSecureCipherInfo() // of OpenSSL, it's not visible, need to use SSL_get_client_ciphers() instead STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers; if (cStack == NULL) { - LOG((CLOG_WARN "No ciphers available from client")); + LOG((CLOG_DEBUG1 "remote cipher list not available")); } else { - LOG((CLOG_DEBUG1 "Ciphers available on client:")); + LOG((CLOG_DEBUG1 "available remote ciphers:")); showCipherStackDesc(cStack); } return; @@ -666,10 +670,10 @@ void SecureSocket::showSecureLibInfo() { LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_CFLAGS))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_BUILT_ON))); - LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_PLATFORM))); - LOG((CLOG_DEBUG2 "%s",SSLeay_version(SSLEAY_DIR))); + LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS))); + LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON))); + LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM))); + LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR))); return; }