From 86251a072a769a95092a98f70238af1caca6b036 Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Mon, 26 Aug 2024 00:50:17 -0700
Subject: [PATCH] rewrite SSLInfoCallback logging
BUG=webrtc:339300437
Change-Id: I105dedb1bb2e5a8e6a15fc49355e18448b5cdeb8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/360522
Commit-Queue: Philipp Hancke
Reviewed-by: Harald Alvestrand
Reviewed-by: Florent Castelli
Cr-Commit-Position: refs/heads/main@{#42915}
---
 rtc_base/logging.h | 2 +-
 rtc_base/openssl_adapter.cc | 72 +++++++++---------------------
 rtc_base/openssl_stream_adapter.cc | 1 +
 3 files changed, 23 insertions(+), 52 deletions(-)
diff --git a/rtc_base/logging.h b/rtc_base/logging.h
index 3d27d6c5d4..165a83b467 100644
--- a/rtc_base/logging.h
+++ b/rtc_base/logging.h
@@ -21,7 +21,7 @@
 // RTC_LOG(sev) logs the given stream at severity "sev", which must be a
 // compile-time constant of the LoggingSeverity type, without the namespace
 // prefix.
-// RTC_LOG_IF(sev, condition) logs the given stream at severitye "sev" if
+// RTC_LOG_IF(sev, condition) logs the given stream at severity "sev" if
 // "condition" is true.
 // RTC_LOG_V(sev) Like RTC_LOG(), but sev is a run-time variable of the
 // LoggingSeverity type (basically, it just doesn't prepend the namespace).
diff --git a/rtc_base/openssl_adapter.cc b/rtc_base/openssl_adapter.cc
index f30e95f92d..43f39c00e4 100644
--- a/rtc_base/openssl_adapter.cc
+++ b/rtc_base/openssl_adapter.cc
@@ -30,6 +30,7 @@
 #include "rtc_base/ssl_certificate.h"
 #include "rtc_base/ssl_identity.h"
 #include "rtc_base/ssl_stream_adapter.h"
+#include "rtc_base/strings/string_builder.h"
 #ifdef OPENSSL_IS_BORINGSSL
 #include
 #include
@@ -783,65 +784,34 @@ bool OpenSSLAdapter::SSLPostConnectionCheck(SSL* ssl, absl::string_view host) {
 return is_valid_cert_name;
 }
-void OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int value) {
- std::string type;
- bool info_log = false;
- bool alert_log = false;
+void OpenSSLAdapter::SSLInfoCallback(const SSL* ssl, int where, int ret) {
 switch (where) {
- case SSL_CB_EXIT:
- info_log = true;
- type = "exit";
- break;
- case SSL_CB_ALERT:
- alert_log = true;
- type = "alert";
- break;
- case SSL_CB_READ_ALERT:
- alert_log = true;
- type = "read_alert";
- break;
- case SSL_CB_WRITE_ALERT:
- alert_log = true;
- type = "write_alert";
- break;
- case SSL_CB_ACCEPT_LOOP:
- info_log = true;
- type = "accept_loop";
- break;
- case SSL_CB_ACCEPT_EXIT:
- info_log = true;
- type = "accept_exit";
- break;
- case SSL_CB_CONNECT_LOOP:
- info_log = true;
- type = "connect_loop";
- break;
- case SSL_CB_CONNECT_EXIT:
- info_log = true;
- type = "connect_exit";
- break;
- case SSL_CB_HANDSHAKE_START:
- info_log = true;
- type = "handshake_start";
- break;
- case SSL_CB_HANDSHAKE_DONE:
- info_log = true;
- type = "handshake_done";
- break;
 case SSL_CB_LOOP:
 case SSL_CB_READ:
 case SSL_CB_WRITE:
+ return;
 default:
 break;
 }
-
- if (info_log) {
- RTC_LOG(LS_INFO) << type << " " << SSL_state_string_long(s);
+ char buf[1024];
+ rtc::SimpleStringBuilder ss(buf);
+ ss << SSL_state_string_long(ssl);
+ if (ret == 0) {
+ RTC_LOG(LS_ERROR) << "Error during " << ss.str() << "\n";
+ return;
 }
- if (alert_log) {
- RTC_LOG(LS_WARNING) << type << " " << SSL_alert_type_string_long(value)
- << " " << SSL_alert_desc_string_long(value) << " "
- << SSL_state_string_long(s);
+ // See SSL_alert_type_string_long.
+ int severity_class = where >> 8;
+ switch (severity_class) {
+ case SSL3_AL_WARNING:
+ case SSL3_AL_FATAL:
+ ss << " " << SSL_alert_type_string_long(ret);
+ ss << " " << SSL_alert_desc_string_long(ret);
+ RTC_LOG(LS_WARNING) << ss.str();
+ break;
+ default:
+ RTC_LOG(LS_INFO) << ss.str();
+ break;
 }
 }
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 575d04f489..26df804c7d 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -1042,6 +1042,7 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
 return nullptr;
 }
+ // TODO(bugs.webrtc.org/339300437): Remove dependency.
 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
 int mode = SSL_VERIFY_PEER;
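Review bot: In OpenSSLAdapter::SSLInfoCallback the alert branch is selected by `int severity_class = where >> 8;`, but as far as OpenSSL's info-callback contract goes the alert level travels in the high byte of `ret`, while `where` carries the SSL_CB_* / SSL_ST_* event bits. If that holds, no defined `where` value shifts down to SSL3_AL_WARNING or SSL3_AL_FATAL, so received and sent TLS alerts fall into `default:` and are logged at LS_INFO without their type and description, which is the detail needed to diagnose failed or rejected handshakes. Testing the event bit would keep alerts visible: `if (where & SSL_CB_ALERT) {` around the two `SSL_alert_*_string_long(ret)` appends and the LS_WARNING log, with `RTC_LOG(LS_INFO) << ss.str();` in the `else`. The `"\n"` appended to the LS_ERROR message also looks unneeded, since the other RTC_LOG calls in this function end without one.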