Debug logs for TLS alerts contain wrong messages #2806

Closed
djelinski opened this Issue Jul 28, 2018 · 2 comments

djelinski commented Jul 28, 2018

While examining debug output of #2801, I noticed that the debug output for TLS alerts is garbage. The output currently reads:

TLSv1.2 (IN), TLS alert, Client hello (1):

I expected the following:

TLSv1.2 (IN), TLS alert, warning / close notify (1/0)

curl/libcurl version

[curl -V output]
curl 7.60.0 (i386-pc-win32) libcurl/7.60.0 OpenSSL/1.1.0h (WinSSL) zlib/1.2.11 brotli/1.0.4 WinIDN libssh2/1.8.0 nghttp2/1.32.0
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz brotli TLS-SRP HTTP2 HTTPS-proxy MultiSSL

operating system

Windows 2008R2

@bagder bagder added the SSL/TLS label Jul 28, 2018


bagder commented Jul 29, 2018

Any suggestion on how to reproduce this?


djelinski commented Jul 30, 2018

Gist of code used to reproduce:

curl_easy_setopt(curl, CURLOPT_URL, "https://s3.amazonaws.com");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, DebugCallback);
curl_easy_perform(curl);
Sleep(5950); // experimental, server seems to close connection after about this time
curl_easy_perform(curl);

Debug function:

int DebugCallback(CURL *handle, curl_infotype type, char *data, size_t size, void *userptr)
{
    /* Ignore CURLINFO_DATA_OUT and the SSL data types that follow it */
    if(type >= CURLINFO_DATA_OUT) return 0;
    printf("%s", string(data, data + size).c_str());
    return 0;
}

It seems to me that the detailed messages are only valid for TLS handshake, for other message types they don't make sense.

@bagder bagder closed this in aa2ad90 Aug 9, 2018

xquery added a commit to xquery/curl that referenced this issue Sep 3, 2018

falconindy added a commit to falconindy/curl that referenced this issue Sep 10, 2018

@lock lock bot locked as resolved and limited conversation to collaborators Nov 7, 2018
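The mislabeling reported in this issue comes from reading the first byte of an alert record as a handshake message type. The following is an added example, not curl's code and not the change made in aa2ad90: it labels a TLS message according to its record content type, so an alert body is read as level and description. The function `describe_tls_msg` and its helpers are hypothetical names, and the lookup tables cover only a few common values.

```c
#include <stdio.h>
#include <string.h>

/* TLS record content types (RFC 5246, section 6.2.1). */
enum { CT_ALERT = 21, CT_HANDSHAKE = 22 };

static const char *alert_level(int l)
{
  return l == 1 ? "warning" : l == 2 ? "fatal" : "unknown level";
}

static const char *alert_desc(int d)
{
  switch(d) {
  case 0:  return "close notify";
  case 10: return "unexpected message";
  case 20: return "bad record mac";
  case 40: return "handshake failure";
  case 48: return "unknown CA";
  default: return "unknown alert";
  }
}

static const char *handshake_name(int t)
{
  switch(t) {
  case 1:  return "Client hello";
  case 2:  return "Server hello";
  case 11: return "Certificate";
  case 20: return "Finished";
  default: return "Unknown";
  }
}

/* Hypothetical helper: label one TLS message by its record content type. */
const char *describe_tls_msg(char *out, size_t outlen, int content_type,
                             const unsigned char *msg, size_t len)
{
  if(content_type == CT_ALERT && len >= 2)
    /* An alert body is two bytes: level, then description. */
    snprintf(out, outlen, "TLS alert, %s / %s (%d/%d)",
             alert_level(msg[0]), alert_desc(msg[1]), msg[0], msg[1]);
  else if(content_type == CT_HANDSHAKE && len >= 1)
    /* Only in a handshake record is the first byte a message type. */
    snprintf(out, outlen, "TLS handshake, %s (%d)",
             handshake_name(msg[0]), msg[0]);
  else
    snprintf(out, outlen, "TLS record type %d, %zu bytes", content_type, len);
  return out;
}
```

With the constructed alert body `{1, 0}` this yields the text the reporter expected, while the same leading byte in a handshake record is still labeled as a Client hello.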
