#6372 More user friendly and current logging for SecureSocket

This commit is contained in:
Nick Bolton 2018-07-28 01:14:35 +01:00
parent 46a5166fba
commit 89cc8a8daa
1 changed files with 31 additions and 22 deletions

View File

@ -38,6 +38,7 @@
#define MAX_ERROR_SIZE 65535
static const float s_retryDelay = 0.01f;
const char* k_tlsString = "TLSv1.2";
enum {
kMsgSize = 128
@ -277,7 +278,7 @@ int
SecureSocket::secureWrite(const void* buffer, int size, int& wrote)
{
if (m_ssl->m_ssl != NULL) {
LOG((CLOG_DEBUG2 "writing secure socket:%p", this));
LOG((CLOG_DEBUG2 "writing secure socket: %p", this));
wrote = SSL_write(m_ssl->m_ssl, buffer, size);
@ -320,7 +321,7 @@ bool
SecureSocket::loadCertificates(String& filename)
{
if (filename.empty()) {
showError("ssl certificate is not specified");
showError("tls certificate is not specified");
return false;
}
else {
@ -329,7 +330,7 @@ SecureSocket::loadCertificates(String& filename)
file.close();
if (!exist) {
String errorMsg("ssl certificate doesn't exist: ");
String errorMsg("tls certificate doesn't exist: ");
errorMsg.append(filename);
showError(errorMsg.c_str());
return false;
@ -339,19 +340,19 @@ SecureSocket::loadCertificates(String& filename)
int r = 0;
r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
if (r <= 0) {
showError("could not use ssl certificate");
showError("could not use tls certificate");
return false;
}
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
if (r <= 0) {
showError("could not use ssl private key");
showError("could not use tls private key");
return false;
}
r = SSL_CTX_check_private_key(m_ssl->m_context);
if (!r) {
showError("could not verify ssl private key");
showError("could not verify tls private key");
return false;
}
@ -425,7 +426,7 @@ SecureSocket::secureAccept(int socket)
if (isFatal()) {
// tell user and sleep so the socket isn't hammered.
LOG((CLOG_ERR "failed to accept secure socket"));
LOG((CLOG_INFO "client connection may not be secure"));
LOG((CLOG_WARN "client connection may not be secure"));
m_secureReady = false;
ARCH->sleep(1);
retry = 0;
@ -518,12 +519,12 @@ SecureSocket::showCertificate()
cert = SSL_get_peer_certificate(m_ssl->m_ssl);
if (cert != NULL) {
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
LOG((CLOG_INFO "server ssl certificate info: %s", line));
LOG((CLOG_INFO "server tls certificate info: %s", line));
OPENSSL_free(line);
X509_free(cert);
}
else {
showError("server has no ssl certificate");
showError("server has no tls certificate");
return false;
}
@ -547,7 +548,7 @@ SecureSocket::checkResult(int status, int& retry)
case SSL_ERROR_ZERO_RETURN:
// connection closed
isFatal(true);
LOG((CLOG_DEBUG "ssl connection closed"));
LOG((CLOG_DEBUG "tls connection closed"));
break;
case SSL_ERROR_WANT_READ:
@ -575,10 +576,10 @@ SecureSocket::checkResult(int status, int& retry)
break;
case SSL_ERROR_SYSCALL:
LOG((CLOG_ERR "ssl error occurred (system call failure)"));
LOG((CLOG_ERR "tls error occurred (system call failure)"));
if (ERR_peek_error() == 0) {
if (status == 0) {
LOG((CLOG_ERR "eof violates ssl protocol"));
LOG((CLOG_ERR "eof violates tls protocol"));
}
else if (status == -1) {
// underlying socket I/O reproted an error
@ -595,12 +596,12 @@ SecureSocket::checkResult(int status, int& retry)
break;
case SSL_ERROR_SSL:
LOG((CLOG_ERR "ssl error occurred (generic failure)"));
LOG((CLOG_ERR "tls error occurred (generic failure)"));
isFatal(true);
break;
default:
LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
LOG((CLOG_ERR "tls error occurred (unknown failure)"));
isFatal(true);
break;
}
@ -616,12 +617,12 @@ void
SecureSocket::showError(const char* reason)
{
if (reason != NULL) {
LOG((CLOG_ERR "%s", reason));
LOG((CLOG_ERR "secure socket error: %s", reason));
}
String error = getError();
if (!error.empty()) {
LOG((CLOG_ERR "%s", error.c_str()));
LOG((CLOG_ERR "openssl error: %s", error.c_str()));
}
}
@ -828,11 +829,11 @@ SecureSocket::showSecureCipherInfo()
void
SecureSocket::showSecureLibInfo()
{
LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));
LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));
LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR)));
LOG((CLOG_DEBUG "openssl version: %s", SSLeay_version(SSLEAY_VERSION)));
LOG((CLOG_DEBUG1 "openssl flags: %s", SSLeay_version(SSLEAY_CFLAGS)));
LOG((CLOG_DEBUG1 "openssl built on: %s", SSLeay_version(SSLEAY_BUILT_ON)));
LOG((CLOG_DEBUG1 "openssl platform: %s", SSLeay_version(SSLEAY_PLATFORM)));
LOG((CLOG_DEBUG1 "openssl dir: %s", SSLeay_version(SSLEAY_DIR)));
return;
}
@ -844,7 +845,15 @@ SecureSocket::showSecureConnectInfo()
if (cipher != NULL) {
char msg[kMsgSize];
SSL_CIPHER_description(cipher, msg, kMsgSize);
LOG((CLOG_INFO "%s", msg));
LOG((CLOG_DEBUG "openssl cipher: %s", msg));
// show user a simpler version of the openssl cipher output
if (std::string(msg).find(k_tlsString) != std::string::npos) {
LOG((CLOG_INFO "network encryption protocol: %s", k_tlsString));
}
}
else {
LOG((CLOG_ERR "could not get secure socket cipher"));
}
return;
}