diff options
| author | Péter Dimitrov <[email protected]> | 2019-01-14 16:13:22 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2019-01-14 16:13:22 +0100 |
| commit | 597bf59d49ac31b01905b88f6ba4eb491a0adfcb (patch) | |
| tree | 340ecb4753bfc1da856f22c076c83b3d3d9a1fbf /lib/ssl/src/ssl_logger.erl | |
| parent | fd682dd3b1dc0473480890b51165d4b6edb5218c (diff) | |
| parent | b2ccc51a505b3c4294ee0049be69ba293bcd8c06 (diff) | |
| download | otp-597bf59d49ac31b01905b88f6ba4eb491a0adfcb.tar.gz otp-597bf59d49ac31b01905b88f6ba4eb491a0adfcb.tar.bz2 otp-597bf59d49ac31b01905b88f6ba4eb491a0adfcb.zip | |
Merge branch 'peterdmv/ssl/handshake_traffic_secret/OTP-15429'
* peterdmv/ssl/handshake_traffic_secret/OTP-15429: (21 commits)
ssl: Skip TLS 1.3 suites if crypto lacks support
ssl: Update testcase 'encode_decode_srp'
ssl: Fix dialyzer warnings
ssl: Improve AEAD encode/decode
ssl: Refactor state 'negotiated'
ssl: Add 'CertificateVerify'
ssl: Add support for x25519 and x448 in ECDH
ssl: Implement transcript_hash for TLS 1.3
ssl: Fix encoding/decoding of supported_versions
ssl: Check if RSASSA-PSS is supported by crypto
ssl: Reorder default signature schemes
ssl: Create server 'Certificate' message
ssl: Calculate handshake traffic keys
ssl: Add tests for TLS 1.3
ssl: Fix handling of signature algorithms
ssl: Process "supported_versions" before decoding
ssl: Update cipher suite formatting in ssl_logger
ssl: Fix cipher suite selection
ssl: Comment usage of 'state' in TLS 1.3
ssl: Implement TLS 1.3 key schedule
...
Change-Id: Iffeff2e2fefa8af618d6d4a3457b8a9dd9392685
Diffstat (limited to 'lib/ssl/src/ssl_logger.erl')
| -rw-r--r-- | lib/ssl/src/ssl_logger.erl | 48 |
1 files changed, 44 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl index 35c8dcfd48..ce8225bf72 100644 --- a/lib/ssl/src/ssl_logger.erl +++ b/lib/ssl/src/ssl_logger.erl @@ -32,6 +32,7 @@ -define(rec_info(T,R),lists:zip(record_info(fields,T),tl(tuple_to_list(R)))). -include("tls_record.hrl"). +-include("ssl_cipher.hrl"). -include("ssl_internal.hrl"). -include("tls_handshake.hrl"). -include_lib("kernel/include/logger.hrl"). @@ -87,20 +88,32 @@ format_handshake(Direction, BinMsg) -> parse_handshake(Direction, #client_hello{ - client_version = Version + client_version = Version0, + cipher_suites = CipherSuites0, + extensions = Extensions } = ClientHello) -> + Version = get_client_version(Version0, Extensions), Header = io_lib:format("~s ~s Handshake, ClientHello", [header_prefix(Direction), version(Version)]), - Message = io_lib:format("~p", [?rec_info(client_hello, ClientHello)]), + CipherSuites = parse_cipher_suites(CipherSuites0), + Message = io_lib:format("~p", + [?rec_info(client_hello, + ClientHello#client_hello{cipher_suites = CipherSuites})]), {Header, Message}; parse_handshake(Direction, #server_hello{ - server_version = Version + server_version = Version0, + cipher_suite = CipherSuite0, + extensions = Extensions } = ServerHello) -> + Version = get_server_version(Version0, Extensions), Header = io_lib:format("~s ~s Handshake, ServerHello", [header_prefix(Direction), version(Version)]), - Message = io_lib:format("~p", [?rec_info(server_hello, ServerHello)]), + CipherSuite = format_cipher(CipherSuite0), + Message = io_lib:format("~p", + [?rec_info(server_hello, + ServerHello#server_hello{cipher_suite = CipherSuite})]), {Header, Message}; parse_handshake(Direction, #certificate{} = Certificate) -> Header = io_lib:format("~s Handshake, Certificate", @@ -148,7 +161,34 @@ parse_handshake(Direction, #hello_request{} = HelloRequest) -> Message = io_lib:format("~p", [?rec_info(hello_request, HelloRequest)]), {Header, Message}. +parse_cipher_suites([_|_] = Ciphers) -> + [format_cipher(C) || C <- Ciphers]. + +format_cipher(?TLS_EMPTY_RENEGOTIATION_INFO_SCSV) -> + 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV'; +format_cipher(C0) -> + list_to_atom(ssl_cipher_format:openssl_suite_name(C0)). + +get_client_version(Version, Extensions) -> + CHVersions = maps:get(client_hello_versions, Extensions, undefined), + case CHVersions of + #client_hello_versions{versions = [Highest|_]} -> + Highest; + undefined -> + Version + end. + +get_server_version(Version, Extensions) -> + SHVersion = maps:get(server_hello_selected_version, Extensions, undefined), + case SHVersion of + #server_hello_selected_version{selected_version = SelectedVersion} -> + SelectedVersion; + undefined -> + Version + end. +version({3,4}) -> + "TLS 1.3"; version({3,3}) -> "TLS 1.2"; version({3,2}) -> |