mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Dump ciphers and sigalgs details in trace with 'advanced' verbosity

Browse Source 
The contents of the extensions were only dumped with verbosity
'complete' which meant that the 'advanced' verbosity was pretty much
useless despite what its name implies (it was the same as the 'simple'
one).
The 'advanced' verbosity is now the "maximum" one, using 'complete'
would not add any extra information yet, but it leaves more room for
some actually large traces to be dumped later on (some complete
ClientHello dumps for instance).
This commit is contained in:
Remi Tricot-Le Breton 2025-07-15 10:45:10 +02:00 committed by William Lallemand
parent 8f2b787241
commit 665b7d4fa9
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_clienthello.c
View File

@ -346,7 +346,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
has_rsa_sig = 1;
}
if ((TRACE_SOURCE)->verbosity > SSL_VERB_ADVANCED) {
if ((TRACE_SOURCE)->verbosity >= SSL_VERB_ADVANCED) {
if (TRACE_ENABLED(TRACE_LEVEL_DATA, SSL_EV_CONN_CIPHERS_EXT, conn, 0, 0, 0)) {
const uint8_t *cipher_suites;
size_t len;

8
src/ssl_trace.c
View File

@ -202,7 +202,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
}
}
if (mask & SSL_EV_CONN_CHOOSE_SNI_CTX && src->verbosity > SSL_VERB_ADVANCED) {
if (mask & SSL_EV_CONN_CHOOSE_SNI_CTX && src->verbosity >= SSL_VERB_ADVANCED) {
if (a2) {
const char *servername = a2;
chunk_appendf(&trace_buf, " : servername=\"%s\"", servername);
@ -215,7 +215,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
}
}
if (mask & SSL_EV_CONN_SIGALG_EXT && src->verbosity > SSL_VERB_ADVANCED) {
if (mask & SSL_EV_CONN_SIGALG_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
if (a2 && a3) {
const uint16_t *extension_data = a2;
size_t extension_len = *((size_t*)a3);
@ -245,7 +245,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
}
}
if (mask & SSL_EV_CONN_CIPHERS_EXT && src->verbosity > SSL_VERB_ADVANCED) {
if (mask & SSL_EV_CONN_CIPHERS_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
if (a2 && a3 && a4) {
SSL *ssl = (SSL*)a2;
const uint16_t *extension_data = a3;
@ -277,7 +277,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
}
}
if (mask & SSL_EV_CONN_CURVES_EXT && src->verbosity > SSL_VERB_ADVANCED) {
if (mask & SSL_EV_CONN_CURVES_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
if (a2 && a3) {
const uint16_t *extension_data = a2;
size_t extension_len = *((size_t*)a3);