Log SSL state changes at LOG_DEBUG, LD_HANDSHAKE.

This can be slightly useful for debugging blocking events.

Addresses ticket 3116; based on loud_ssl_states branch.
Nick Mathewson 2010-10-06 23:17:35 -04:00
parent 8653f31d8d
commit 410e440a8d
2 changed files with 19 additions and 2 deletions

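--- /dev/null
+++ b/changes/bug3264
@@ -0,0 +1,4 @@
+o Minor features:
+- Log SSL state transitions at log level DEBUG, log domain
+HANDSHAKE. This can be useful for debugging censorship events.
+Implements ticket 3264.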


@ -899,6 +899,13 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl, const char *address)
return 1; return 1;
} }
static void
tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
{
log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].",
ssl, ssl_state_to_string(ssl->state), type, val);
}
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection /** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
* changes state. We use this: * changes state. We use this:
* <ul><li>To alter the state of the handshake partway through, so we * <ul><li>To alter the state of the handshake partway through, so we
@ -910,6 +917,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
{ {
tor_tls_t *tls; tor_tls_t *tls;
(void) val; (void) val;
tor_tls_debug_state_callback(ssl, type, val);
if (type != SSL_CB_ACCEPT_LOOP) if (type != SSL_CB_ACCEPT_LOOP)
return; return;
if (ssl->state != SSL3_ST_SW_SRVR_HELLO_A) if (ssl->state != SSL3_ST_SW_SRVR_HELLO_A)
@ -1096,8 +1106,11 @@ tor_tls_new(int sock, int isServer)
#ifdef V2_HANDSHAKE_SERVER #ifdef V2_HANDSHAKE_SERVER
if (isServer) { if (isServer) {
SSL_set_info_callback(result->ssl, tor_tls_server_info_callback); SSL_set_info_callback(result->ssl, tor_tls_server_info_callback);
} } else
#endif #endif
{
SSL_set_info_callback(result->ssl, tor_tls_debug_state_callback);
}
/* Not expected to get called. */ /* Not expected to get called. */
tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object"); tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object");
@ -1131,7 +1144,7 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
if (cb) { if (cb) {
SSL_set_info_callback(tls->ssl, tor_tls_server_info_callback); SSL_set_info_callback(tls->ssl, tor_tls_server_info_callback);
} else { } else {
SSL_set_info_callback(tls->ssl, NULL); SSL_set_info_callback(tls->ssl, tor_tls_debug_state_callback);
} }
#endif #endif
} }
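Review bot: In tor_tls_debug_state_callback the `%p` conversion receives `ssl` as a `const SSL *` rather than a void pointer, which the C standard leaves undefined for a variadic call, and the line also writes a raw heap address into debug logs that operators may later attach to bug reports; a cast such as `(void*)ssl` settles the first, and whether the address is worth logging at all is a judgement call. The new function has no doc comment, unlike its neighbours; something like `/** Info callback: log each state change on <b>ssl</b> at debug level in LD_HANDSHAKE. */` would match the file's style. In tor_tls_server_info_callback the `(void) val;` line is now stale, since `val` is passed to the debug callback on the very next line. Because the callback is now installed on every connection, it is worth confirming that log_debug checks the level before evaluating its arguments, otherwise ssl_state_to_string runs on each state change even with debug logging off. The enclosing functions tor_tls_server_info_callback, tor_tls_new and tor_tls_set_renegotiate_callback all start or end outside the hunks shown.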