Revert "Added additional SSL logging abotu connection information as well as client and server cipher availability #4793"

This reverts commit 16a2815504.
This commit is contained in:
Jerry (Xinyu Hou) 2015-07-09 16:34:53 -07:00
parent fe010b35ab
commit 57f6022382
2 changed files with 21 additions and 84 deletions

View File

@ -39,10 +39,6 @@
static const int g_maxRetry = 1000;
static const float g_retryDelay = 0.01f;
enum {
kMsgSize = 128
};
static const char kFingerprintDirName[] = "SSL/Fingerprints";
//static const char kFingerprintLocalFilename[] = "Local.txt";
static const char kFingerprintTrustedServersFilename[] = "TrustedServers.txt";
@ -239,9 +235,11 @@ SecureSocket::initContext(bool server)
// load all error messages
SSL_load_error_strings();
if (CLOG->getFilter() >= kINFO) {
showSecureLibInfo();
}
LOG((CLOG_INFO "%s",SSLeay_version (SSLEAY_VERSION)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_CFLAGS)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_BUILT_ON)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version (SSLEAY_PLATFORM)));
LOG((CLOG_DEBUG2 "%s",SSLeay_version (SSLEAY_DIR)));
// SSLv23_method uses TLSv1, with the ability to fall back to SSLv3
if (server) {
@ -301,8 +299,14 @@ SecureSocket::secureAccept(int socket)
if (retry == 0) {
m_secureReady = true;
LOG((CLOG_INFO "accepted secure socket"));
showSecureCipherInfo();
showSecureConnectInfo();
const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl);
if(cipher != NULL) {
char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0);
if(cipherVersion != NULL) {
LOG((CLOG_INFO "%s", cipherVersion));
OPENSSL_free(cipherVersion);
}
}
return 1;
}
@ -364,8 +368,14 @@ SecureSocket::secureConnect(int socket)
return -1; // Fingerprint failed, error
}
LOG((CLOG_DEBUG2 "connected secure socket"));
showSecureCipherInfo();
showSecureConnectInfo();
const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl);
if(cipher != NULL) {
char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0);
if(cipherVersion != NULL) {
LOG((CLOG_INFO "%s", cipherVersion));
OPENSSL_free(cipherVersion);
}
}
return 1;
}
@ -639,72 +649,3 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job,
this, &SecureSocket::serviceAccept,
getSocket(), isReadable(), isWritable());
}
void
showCipherStackDesc(STACK_OF(SSL_CIPHER) * stack) {
char msg[kMsgSize];
int i = 0;
for ( ; i < sk_SSL_CIPHER_num(stack) ; i++) {
const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(stack,i);
SSL_CIPHER_description(cipher, msg, kMsgSize);
// Why does SSL put a newline in the description?
int pos = (int)strlen(msg) - 1;
if (msg[pos] == '\n') {
msg[pos] = '\0';
}
LOG((CLOG_DEBUG1 "%s",msg));
}
}
void
SecureSocket::showSecureCipherInfo()
{
STACK_OF(SSL_CIPHER) * sStack = SSL_get_ciphers(m_ssl->m_ssl);
if (sStack == NULL) {
LOG((CLOG_WARN "No ciphers available on server"));
}
else {
LOG((CLOG_DEBUG1 "Ciphers available on server:"));
showCipherStackDesc(sStack);
}
// m_ssl->m_ssl->session->ciphers is not forward compatable, In future release
// of OpenSSL, it's not visible, need to use SSL_get_client_ciphers() instead
STACK_OF(SSL_CIPHER) * cStack = m_ssl->m_ssl->session->ciphers;
if (cStack == NULL) {
LOG((CLOG_WARN "No ciphers available from client"));
}
else {
LOG((CLOG_DEBUG1 "Ciphers available on client:"));
showCipherStackDesc(cStack);
}
return;
}
void
SecureSocket::showSecureLibInfo()
{
LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));
LOG((CLOG_DEBUG2 "OpenSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));
LOG((CLOG_DEBUG2 "%s",SSLeay_version(SSLEAY_DIR)));
return;
}
void
SecureSocket::showSecureConnectInfo()
{
const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl);
if (cipher != NULL) {
char msg[kMsgSize];
SSL_CIPHER_description(cipher, msg, kMsgSize);
LOG((CLOG_INFO "%s", msg));
}
return;
}

View File

@ -77,10 +77,6 @@ private:
serviceAccept(ISocketMultiplexerJob*,
bool, bool, bool);
void showSecureConnectInfo();
void showSecureLibInfo();
void showSecureCipherInfo();
private:
Ssl* m_ssl;
bool m_secureReady;