diff --git a/src/anchors.rs b/src/anchors.rs index cf94c91676..cff2ea8627 100644 --- a/src/anchors.rs +++ b/src/anchors.rs @@ -114,14 +114,14 @@ impl RootCertStore { match self.add(&der) { Ok(_) => valid_count += 1, Err(err) => { - trace!("invalid cert der {:?}", der); - debug!("certificate parsing failed: {:?}", err); + crate::log::trace!("invalid cert der {:?}", der); + crate::log::debug!("certificate parsing failed: {:?}", err); invalid_count += 1 } } } - debug!("add_pem_file processed {} valid and {} invalid certs", + crate::log::debug!("add_pem_file processed {} valid and {} invalid certs", valid_count, invalid_count); diff --git a/src/client/common.rs b/src/client/common.rs index 0cff762237..b7e1bcf997 100644 --- a/src/client/common.rs +++ b/src/client/common.rs @@ -121,7 +121,7 @@ impl ClientHelloDetails { for ext in received_exts { let ext_type = ext.get_type(); if !self.sent_extensions.contains(&ext_type) && !allowed_unsolicited.contains(&ext_type) { - trace!("Unsolicited extension {:?}", ext_type); + crate::log::trace!("Unsolicited extension {:?}", ext_type); return true; } } diff --git a/src/client/hs.rs b/src/client/hs.rs index f78f8b2ccf..ccf65da63b 100644 --- a/src/client/hs.rs +++ b/src/client/hs.rs @@ -92,7 +92,7 @@ fn find_session(sess: &mut ClientSessionImpl, dns_name: webpki::DNSNameRef) let maybe_value = sess.config.session_persistence.get(&key_buf); if maybe_value.is_none() { - debug!("No cached session for {:?}", dns_name); + crate::log::debug!("No cached session for {:?}", dns_name); return None; } @@ -240,10 +240,10 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl, if resuming.version == ProtocolVersion::TLSv1_2 { randomise_sessionid_for_ticket(resuming); } - debug!("Resuming session"); + crate::log::debug!("Resuming session"); (resuming.session_id, resuming.ticket.0.clone(), resuming.version) } else { - debug!("Not resuming any session"); + crate::log::debug!("Not resuming any session"); (SessionID::empty(), Vec::new(), ProtocolVersion::Unknown(0)) }; @@ -423,7 +423,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl, emit_fake_ccs(&mut handshake, sess); } - trace!("Sending ClientHello {:#?}", ch); + crate::log::trace!("Sending ClientHello {:#?}", ch); handshake.transcript.add_message(&ch); sess.common.send_msg(ch, false); @@ -448,7 +448,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl, // Now the client can send encrypted early data sess.common.early_traffic = true; - trace!("Starting early data traffic"); + crate::log::trace!("Starting early data traffic"); sess.common.we_now_encrypting(); } @@ -504,7 +504,7 @@ fn process_alpn_protocol(sess: &mut ClientSessionImpl, !sess.config.alpn_protocols.contains(sess.alpn_protocol.as_ref().unwrap()) { return Err(illegal_param(sess, "server sent non-offered ALPN protocol")); } - debug!("ALPN protocol is {:?}", sess.alpn_protocol); + crate::log::debug!("ALPN protocol is {:?}", sess.alpn_protocol); Ok(()) } @@ -528,7 +528,7 @@ impl ExpectServerHello { .to_string())); } - debug!("Resuming using PSK"); + crate::log::debug!("Resuming using PSK"); // The key schedule has been initialized and set in fill_in_psk() // Server must be using the resumption suite, otherwise set_suite() // in ExpectServerHello::handle() would fail. @@ -537,7 +537,7 @@ impl ExpectServerHello { return Err(TLSError::PeerMisbehavedError("server selected unoffered psk".to_string())); } } else { - debug!("Not resuming"); + crate::log::debug!("Not resuming"); // Discard the early data key schedule. sess.early_data.rejected(); sess.common.early_traffic = false; @@ -639,7 +639,7 @@ impl State for ExpectServerHello { fn handle(mut self: Box, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError { let server_hello = extract_handshake!(m, HandshakePayload::ServerHello).unwrap(); - trace!("We got ServerHello {:#?}", server_hello); + crate::log::trace!("We got ServerHello {:#?}", server_hello); use crate::ProtocolVersion::{TLSv1_2, TLSv1_3}; let tls13_supported = sess.config.supports_version(TLSv1_3); @@ -721,7 +721,7 @@ impl State for ExpectServerHello { .to_string())); } - debug!("Using ciphersuite {:?}", server_hello.cipher_suite); + crate::log::debug!("Using ciphersuite {:?}", server_hello.cipher_suite); if !sess.common.set_suite(scs.unwrap()) { return Err(illegal_param(sess, "server varied selected ciphersuite")); } @@ -762,7 +762,7 @@ impl State for ExpectServerHello { // Might the server send a ticket? let with_tickets = if server_hello.find_extension(ExtensionType::SessionTicket).is_some() { - debug!("Server supports tickets"); + crate::log::debug!("Server supports tickets"); true } else { false @@ -772,13 +772,13 @@ impl State for ExpectServerHello { // Might the server send a CertificateStatus between Certificate and // ServerKeyExchange? if server_hello.find_extension(ExtensionType::StatusRequest).is_some() { - debug!("Server may staple OCSP response"); + crate::log::debug!("Server may staple OCSP response"); self.may_send_cert_status = true; } // Save any sent SCTs for verification against the certificate. if let Some(sct_list) = server_hello.get_sct_list() { - debug!("Server sent {:?} SCTs", sct_list.len()); + crate::log::debug!("Server sent {:?} SCTs", sct_list.len()); if sct_list_is_invalid(sct_list) { let error_msg = "server sent invalid SCT list".to_string(); @@ -791,7 +791,7 @@ impl State for ExpectServerHello { let mut abbreviated_handshake = false; if let Some(ref resuming) = self.handshake.resuming_session { if resuming.session_id == self.handshake.session_id { - debug!("Server agreed to resume"); + crate::log::debug!("Server agreed to resume"); abbreviated_handshake = true; // Is the server telling lies about the ciphersuite? @@ -842,7 +842,7 @@ impl ExpectServerHelloOrHelloRetryRequest { check_handshake_message(&m, &[HandshakeType::HelloRetryRequest])?; let hrr = extract_handshake!(m, HandshakePayload::HelloRetryRequest).unwrap(); - trace!("Got HRR {:?}", hrr); + crate::log::trace!("Got HRR {:?}", hrr); let has_cookie = hrr.get_cookie().is_some(); let req_group = hrr.get_requested_key_share_group(); @@ -997,7 +997,7 @@ impl State for ExpectTLS13EncryptedExtensions { fn handle(mut self: Box, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError { let exts = extract_handshake!(m, HandshakePayload::EncryptedExtensions).unwrap(); - debug!("TLS1.3 encrypted extensions: {:?}", exts); + crate::log::debug!("TLS1.3 encrypted extensions: {:?}", exts); self.handshake.transcript.add_message(&m); validate_encrypted_extensions(sess, &self.hello, exts)?; @@ -1078,14 +1078,14 @@ impl State for ExpectTLS13Certificate { // This is only non-empty for client auth. if !cert_chain.context.0.is_empty() { - warn!("certificate with non-empty context during handshake"); + crate::log::warn!("certificate with non-empty context during handshake"); sess.common.send_fatal_alert(AlertDescription::DecodeError); return Err(TLSError::CorruptMessagePayload(ContentType::Handshake)); } if cert_chain.any_entry_has_duplicate_extension() || cert_chain.any_entry_has_unknown_extension() { - warn!("certificate chain contains unsolicited/unknown extension"); + crate::log::warn!("certificate chain contains unsolicited/unknown extension"); sess.common.send_fatal_alert(AlertDescription::UnsupportedExtension); return Err(TLSError::PeerMisbehavedError("bad cert chain extensions".to_string())); } @@ -1180,7 +1180,7 @@ impl State for ExpectTLS12CertificateStatus { let mut status = extract_handshake_mut!(m, HandshakePayload::CertificateStatus).unwrap(); self.server_cert.ocsp_response = status.take_ocsp_response(); - debug!("Server stapled OCSP response is {:?}", self.server_cert.ocsp_response); + crate::log::debug!("Server stapled OCSP response is {:?}", self.server_cert.ocsp_response); Ok(self.into_expect_tls12_server_kx()) } } @@ -1303,7 +1303,7 @@ impl State for ExpectTLS12ServerKX { let skx = ServerKXDetails::new(kx_params, decoded_kx.get_sig().unwrap()); if let ServerKeyExchangePayload::ECDHE(ecdhe) = decoded_kx { - debug!("ECDHE curve is {:?}", ecdhe.params.curve_params); + crate::log::debug!("ECDHE curve is {:?}", ecdhe.params.curve_params); } Ok(self.into_expect_tls12_server_done_or_certreq(skx)) @@ -1354,7 +1354,7 @@ impl State for ExpectTLS13CertificateVerify { fn handle(mut self: Box, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError { let cert_verify = extract_handshake!(m, HandshakePayload::CertificateVerify).unwrap(); - debug!("Server cert is {:?}", self.server_cert.cert_chain); + crate::log::debug!("Server cert is {:?}", self.server_cert.cert_chain); // 1. Verify the certificate chain. if self.server_cert.cert_chain.is_empty() { @@ -1437,7 +1437,7 @@ fn emit_certverify(handshake: &mut HandshakeDetails, client_auth: &mut ClientAuthDetails, sess: &mut ClientSessionImpl) -> Result<(), TLSError> { if client_auth.signer.is_none() { - trace!("Not sending CertificateVerify, no key"); + crate::log::trace!("Not sending CertificateVerify, no key"); handshake.transcript.abandon_client_auth(); return Ok(()); } @@ -1525,7 +1525,7 @@ impl State for ExpectTLS12CertificateRequest { fn handle(mut self: Box, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError { let certreq = extract_handshake!(m, HandshakePayload::CertificateRequest).unwrap(); self.handshake.transcript.add_message(&m); - debug!("Got CertificateRequest {:?}", certreq); + crate::log::debug!("Got CertificateRequest {:?}", certreq); let mut client_auth = ClientAuthDetails::new(); @@ -1535,7 +1535,7 @@ impl State for ExpectTLS12CertificateRequest { // We only support RSA signing at the moment. If you don't support that, // we're not doing client auth. if !certreq.certtypes.contains(&ClientCertificateType::RSASign) { - warn!("Server asked for client auth but without RSASign"); + crate::log::warn!("Server asked for client auth but without RSASign"); return Ok(self.into_expect_tls12_server_done(client_auth)); } @@ -1547,12 +1547,12 @@ impl State for ExpectTLS12CertificateRequest { sess.config.client_auth_cert_resolver.resolve(&canames, &certreq.sigschemes); if let Some(mut certkey) = maybe_certkey { - debug!("Attempting client auth"); + crate::log::debug!("Attempting client auth"); let maybe_signer = certkey.key.choose_scheme(&certreq.sigschemes); client_auth.cert = Some(certkey.take_cert()); client_auth.signer = maybe_signer; } else { - debug!("Client auth requested but no cert/sigscheme available"); + crate::log::debug!("Client auth requested but no cert/sigscheme available"); } Ok(self.into_expect_tls12_server_done(client_auth)) @@ -1584,14 +1584,14 @@ impl State for ExpectTLS13CertificateRequest { fn handle(mut self: Box, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError { let certreq = &extract_handshake!(m, HandshakePayload::CertificateRequestTLS13).unwrap(); self.handshake.transcript.add_message(&m); - debug!("Got CertificateRequest {:?}", certreq); + crate::log::debug!("Got CertificateRequest {:?}", certreq); // Fortunately the problems here in TLS1.2 and prior are corrected in // TLS1.3. // Must be empty during handshake. if !certreq.context.0.is_empty() { - warn!("Server sent non-empty certreq context"); + crate::log::warn!("Server sent non-empty certreq context"); sess.common.send_fatal_alert(AlertDescription::DecodeError); return Err(TLSError::CorruptMessagePayload(ContentType::Handshake)); } @@ -1621,13 +1621,13 @@ impl State for ExpectTLS13CertificateRequest { let mut client_auth = ClientAuthDetails::new(); if let Some(mut certkey) = maybe_certkey { - debug!("Attempting client auth"); + crate::log::debug!("Attempting client auth"); let maybe_signer = certkey.key.choose_scheme(&compat_sigschemes); client_auth.cert = Some(certkey.take_cert()); client_auth.signer = maybe_signer; client_auth.auth_context = Some(certreq.context.0.clone()); } else { - debug!("Client auth requested but no cert selected"); + crate::log::debug!("Client auth requested but no cert selected"); } Ok(self.into_expect_tls13_certificate(client_auth)) @@ -1722,8 +1722,8 @@ impl State for ExpectTLS12ServerDone { let mut st = *self; st.handshake.transcript.add_message(&m); - debug!("Server cert is {:?}", st.server_cert.cert_chain); - debug!("Server DNS name is {:?}", st.handshake.dns_name); + crate::log::debug!("Server cert is {:?}", st.server_cert.cert_chain); + crate::log::debug!("Server DNS name is {:?}", st.handshake.dns_name); // 1. Verify the cert chain. // 2. Verify any SCTs provided with the certificate. @@ -1871,7 +1871,7 @@ impl State for ExpectTLS12CCS { // CCS should not be received interleaved with fragmented handshake-level // message. if !sess.common.handshake_joiner.is_empty() { - warn!("CCS received interleaved with fragmented handshake"); + crate::log::warn!("CCS received interleaved with fragmented handshake"); return Err(TLSError::InappropriateMessage { expect_types: vec![ ContentType::Handshake ], got_type: ContentType::ChangeCipherSpec, @@ -1930,7 +1930,7 @@ fn save_session(handshake: &mut HandshakeDetails, } if handshake.session_id.is_empty() && ticket.is_empty() { - debug!("Session not saved: server didn't allocate id or ticket"); + crate::log::debug!("Session not saved: server didn't allocate id or ticket"); return; } @@ -1955,9 +1955,9 @@ fn save_session(handshake: &mut HandshakeDetails, value.get_encoding()); if worked { - debug!("Session saved"); + crate::log::debug!("Session saved"); } else { - debug!("Session not saved"); + crate::log::debug!("Session not saved"); } } @@ -1995,7 +1995,7 @@ fn emit_certverify_tls13(handshake: &mut HandshakeDetails, client_auth: &mut ClientAuthDetails, sess: &mut ClientSessionImpl) -> Result<(), TLSError> { if client_auth.signer.is_none() { - debug!("Skipping certverify message (no client scheme/key)"); + crate::log::debug!("Skipping certverify message (no client scheme/key)"); return Ok(()); } @@ -2303,9 +2303,9 @@ impl ExpectTLS13Traffic { value.get_encoding()); if worked { - debug!("Ticket saved"); + crate::log::debug!("Ticket saved"); } else { - debug!("Ticket not saved"); + crate::log::debug!("Ticket not saved"); } Ok(()) } diff --git a/src/client/mod.rs b/src/client/mod.rs index e54c466bab..10ce80ec9b 100644 --- a/src/client/mod.rs +++ b/src/client/mod.rs @@ -287,18 +287,18 @@ impl EarlyData { } fn rejected(&mut self) { - trace!("EarlyData rejected"); + crate::log::trace!("EarlyData rejected"); self.state = EarlyDataState::Rejected; } fn accepted(&mut self) { - trace!("EarlyData accepted"); + crate::log::trace!("EarlyData accepted"); assert_eq!(self.state, EarlyDataState::Ready); self.state = EarlyDataState::Accepted; } fn finished(&mut self) { - trace!("EarlyData finished"); + crate::log::trace!("EarlyData finished"); self.state = match self.state { EarlyDataState::Accepted => EarlyDataState::AcceptedFinished, _ => panic!("bad EarlyData state"), @@ -442,7 +442,7 @@ impl ClientSessionImpl { if self.common.is_tls13() && msg.is_content_type(ContentType::ChangeCipherSpec) && self.is_handshaking() { - trace!("Dropping CCS"); + crate::log::trace!("Dropping CCS"); return Ok(()); } diff --git a/src/handshake.rs b/src/handshake.rs index 154f606906..aaea1ddea5 100644 --- a/src/handshake.rs +++ b/src/handshake.rs @@ -13,7 +13,7 @@ pub fn check_message(m: &Message, content_types: &[ContentType], handshake_types: &[HandshakeType]) -> Result<(), TLSError> { if !content_types.contains(&m.typ) { - warn!("Received a {:?} message while expecting {:?}", + crate::log::warn!("Received a {:?} message while expecting {:?}", m.typ, content_types); return Err(TLSError::InappropriateMessage { @@ -24,7 +24,7 @@ pub fn check_message(m: &Message, if let MessagePayload::Handshake(ref hsp) = m.payload { if !handshake_types.is_empty() && !handshake_types.contains(&hsp.typ) { - warn!("Received a {:?} handshake message while expecting {:?}", + crate::log::warn!("Received a {:?} handshake message while expecting {:?}", hsp.typ, handshake_types); return Err(TLSError::InappropriateHandshakeMessage { diff --git a/src/hash_hs.rs b/src/hash_hs.rs index 481ff5ce40..32d06342f6 100644 --- a/src/hash_hs.rs +++ b/src/hash_hs.rs @@ -56,7 +56,7 @@ impl HandshakeHash { Some(started) => { if started != alg { // hash type is changing - warn!("altered hash to HandshakeHash::start_hash"); + crate::log::warn!("altered hash to HandshakeHash::start_hash"); return false; } diff --git a/src/keylog.rs b/src/keylog.rs index d46fec86ee..527cea0bfe 100644 --- a/src/keylog.rs +++ b/src/keylog.rs @@ -72,7 +72,7 @@ impl KeyLogFileInner { .open(path) { Ok(f) => Some(f), Err(e) => { - warn!("unable to create key log file '{:?}': {}", path, e); + crate::log::warn!("unable to create key log file '{:?}': {}", path, e); None } }; @@ -128,7 +128,7 @@ impl KeyLog for KeyLogFile { .try_write(label, client_random, secret) { Ok(()) => {}, Err(e) => { - warn!("error writing to key log file: {}", e); + crate::log::warn!("error writing to key log file: {}", e); } } } diff --git a/src/lib.rs b/src/lib.rs index c878584126..20910c93f1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -204,27 +204,16 @@ // Our dependencies: // webpki for certificate verification. -use webpki; - // *ring* for cryptography. -use ring; - // untrusted for feeding ring and webpki. -use untrusted; - // sct for validation of stapled certificate transparency SCTs. -use sct; - // rust-base64 for pemfile module. -use base64; // log for logging (optional). #[cfg(feature = "logging")] -#[macro_use] use log; #[cfg(not(feature = "logging"))] -#[macro_use] mod log { macro_rules! trace ( ($($tt:tt)*) => {{}} ); macro_rules! debug ( ($($tt:tt)*) => {{}} ); @@ -235,7 +224,6 @@ mod log { mod util; #[allow(missing_docs)] -#[macro_use] mod msgs; mod error; mod rand; diff --git a/src/server/hs.rs b/src/server/hs.rs index 1a1801a234..b169a608df 100644 --- a/src/server/hs.rs +++ b/src/server/hs.rs @@ -217,7 +217,7 @@ impl ExpectClientHello { sess.alpn_protocol = util::first_in_both(our_protocols, &their_proto_strings); if let Some(ref selected_protocol) = sess.alpn_protocol { - debug!("Chosen ALPN protocol {:?}", selected_protocol); + crate::log::debug!("Chosen ALPN protocol {:?}", selected_protocol); ret.push(ServerExtension::make_alpn(selected_protocol.clone())); } } @@ -357,7 +357,7 @@ impl ExpectClientHello { check_aligned_handshake(sess)?; - trace!("sending server hello {:?}", sh); + crate::log::trace!("sending server hello {:?}", sh); self.handshake.transcript.add_message(&sh); sess.common.send_msg(sh, false); @@ -421,7 +421,7 @@ impl ExpectClientHello { }), }; - trace!("Requesting retry {:?}", m); + crate::log::trace!("Requesting retry {:?}", m); self.handshake.transcript.rollup_for_hrr(); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, false); @@ -443,7 +443,7 @@ impl ExpectClientHello { }), }; - trace!("sending encrypted extensions {:?}", ee); + crate::log::trace!("sending encrypted extensions {:?}", ee); self.handshake.transcript.add_message(&ee); sess.common.send_msg(ee, true); Ok(()) @@ -476,7 +476,7 @@ impl ExpectClientHello { }), }; - trace!("Sending CertificateRequest {:?}", m); + crate::log::trace!("Sending CertificateRequest {:?}", m); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, true); true @@ -523,7 +523,7 @@ impl ExpectClientHello { }), }; - trace!("sending certificate {:?}", c); + crate::log::trace!("sending certificate {:?}", c); self.handshake.transcript.add_message(&c); sess.common.send_msg(c, true); } @@ -556,7 +556,7 @@ impl ExpectClientHello { }), }; - trace!("sending certificate-verify {:?}", m); + crate::log::trace!("sending certificate-verify {:?}", m); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, true); Ok(()) @@ -578,7 +578,7 @@ impl ExpectClientHello { }), }; - trace!("sending finished {:?}", m); + crate::log::trace!("sending finished {:?}", m); self.handshake.transcript.add_message(&m); self.handshake.hash_at_server_fin = self.handshake.transcript.get_current_hash(); sess.common.send_msg(m, true); @@ -634,7 +634,7 @@ impl ExpectClientHello { }), }; - trace!("sending server hello {:?}", sh); + crate::log::trace!("sending server hello {:?}", sh); self.handshake.transcript.add_message(&sh); sess.common.send_msg(sh, false); Ok(()) @@ -748,7 +748,7 @@ impl ExpectClientHello { }), }; - trace!("Sending CertificateRequest {:?}", m); + crate::log::trace!("Sending CertificateRequest {:?}", m); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, false); true @@ -791,7 +791,7 @@ impl ExpectClientHello { id: &SessionID, resumedata: persist::ServerSessionValue) -> NextStateOrError { - debug!("Resuming session"); + crate::log::debug!("Resuming session"); if resumedata.extended_ms && !self.handshake.using_ems { return Err(illegal_param(sess, "refusing to resume without ems")); @@ -917,7 +917,7 @@ impl ExpectClientHello { } if !client_hello.psk_mode_offered(PSKKeyExchangeMode::PSK_DHE_KE) { - warn!("Resumption ignored, DHE_KE not offered"); + crate::log::warn!("Resumption ignored, DHE_KE not offered"); self.send_ticket = false; chosen_psk_index = None; resuming_psk = None; @@ -972,7 +972,7 @@ impl State for ExpectClientHello { let client_hello = extract_handshake!(m, HandshakePayload::ClientHello).unwrap(); let tls13_enabled = sess.config.supports_version(ProtocolVersion::TLSv1_3); let tls12_enabled = sess.config.supports_version(ProtocolVersion::TLSv1_2); - trace!("we got a clienthello {:?}", client_hello); + crate::log::trace!("we got a clienthello {:?}", client_hello); if !client_hello.compression_methods.contains(&Compression::Null) { sess.common.send_fatal_alert(AlertDescription::IllegalParameter); @@ -1032,8 +1032,8 @@ impl State for ExpectClientHello { // Choose a certificate. let mut certkey = { let sni_ref = sni.as_ref().map(|dns_name| dns_name.as_ref()); - trace!("sni {:?}", sni_ref); - trace!("sig schemes {:?}", sigschemes_ext); + crate::log::trace!("sni {:?}", sni_ref); + crate::log::trace!("sig schemes {:?}", sigschemes_ext); let certkey = sess.config.cert_resolver.resolve(sni_ref, sigschemes_ext); certkey.ok_or_else(|| { sess.common.send_fatal_alert(AlertDescription::AccessDenied); @@ -1060,7 +1060,7 @@ impl State for ExpectClientHello { return Err(incompatible(sess, "no ciphersuites in common")); } - debug!("decided upon suite {:?}", maybe_ciphersuite.as_ref().unwrap()); + crate::log::debug!("decided upon suite {:?}", maybe_ciphersuite.as_ref().unwrap()); sess.common.set_suite(maybe_ciphersuite.unwrap()); // Start handshake hash. @@ -1090,8 +1090,8 @@ impl State for ExpectClientHello { let ecpoints_ext = client_hello.get_ecpoints_extension() .ok_or_else(|| incompatible(sess, "client didn't describe ec points"))?; - trace!("namedgroups {:?}", groups_ext); - trace!("ecpoints {:?}", ecpoints_ext); + crate::log::trace!("namedgroups {:?}", groups_ext); + crate::log::trace!("ecpoints {:?}", ecpoints_ext); if !ecpoints_ext.contains(&ECPointFormat::Uncompressed) { sess.common.send_fatal_alert(AlertDescription::IllegalParameter); @@ -1121,7 +1121,7 @@ impl State for ExpectClientHello { if let Some(ticket_ext) = client_hello.get_ticket_extension() { if let ClientExtension::SessionTicketOffer(ref ticket) = *ticket_ext { ticket_received = true; - debug!("Ticket received"); + crate::log::debug!("Ticket received"); let maybe_resume = sess.config .ticketer @@ -1134,7 +1134,7 @@ impl State for ExpectClientHello { &client_hello.session_id, maybe_resume.unwrap()); } else { - debug!("Ticket didn't decrypt"); + crate::log::debug!("Ticket didn't decrypt"); } } } @@ -1224,12 +1224,12 @@ impl State for ExpectTLS12Certificate { if cert_chain.is_empty() && !sess.config.verifier.client_auth_mandatory() { - debug!("client auth requested but no certificate supplied"); + crate::log::debug!("client auth requested but no certificate supplied"); self.handshake.transcript.abandon_client_auth(); return Ok(self.into_expect_tls12_client_kx(None)); } - trace!("certs {:?}", cert_chain); + crate::log::trace!("certs {:?}", cert_chain); sess.config.verifier.verify_client_cert(cert_chain) .or_else(|err| { @@ -1285,7 +1285,7 @@ impl State for ExpectTLS13Certificate { if cert_chain.is_empty() { if !sess.config.verifier.client_auth_mandatory() { - debug!("client auth requested but no certificate supplied"); + crate::log::debug!("client auth requested but no certificate supplied"); self.handshake.transcript.abandon_client_auth(); return Ok(self.into_expect_tls13_finished()); } @@ -1413,7 +1413,7 @@ impl State for ExpectTLS12CertificateVerify { return Err(e); } - trace!("client CertificateVerify OK"); + crate::log::trace!("client CertificateVerify OK"); sess.client_cert_chain = Some(self.client_cert.take_chain()); self.handshake.transcript.add_message(&m); @@ -1459,7 +1459,7 @@ impl State for ExpectTLS13CertificateVerify { return Err(e); } - trace!("client CertificateVerify OK"); + crate::log::trace!("client CertificateVerify OK"); sess.client_cert_chain = Some(self.client_cert.take_chain()); self.handshake.transcript.add_message(&m); @@ -1493,7 +1493,7 @@ impl State for ExpectTLS12CCS { // CCS should not be received interleaved with fragmented handshake-level // message. if !sess.common.handshake_joiner.is_empty() { - warn!("CCS received interleaved with fragmented handshake"); + crate::log::warn!("CCS received interleaved with fragmented handshake"); return Err(TLSError::InappropriateMessage { expect_types: vec![ ContentType::Handshake ], got_type: ContentType::ChangeCipherSpec, @@ -1648,9 +1648,9 @@ impl State for ExpectTLS12Finished { let worked = sess.config.session_storage .put(self.handshake.session_id.get_encoding(), value.get_encoding()); if worked { - debug!("Session saved"); + crate::log::debug!("Session saved"); } else { - debug!("Session not saved"); + crate::log::debug!("Session not saved"); } } @@ -1710,7 +1710,7 @@ impl ExpectTLS13Finished { }), }; - trace!("sending new stateless ticket {:?}", m); + crate::log::trace!("sending new stateless ticket {:?}", m); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, true); } @@ -1735,11 +1735,11 @@ impl ExpectTLS13Finished { }), }; - trace!("sending new stateful ticket {:?}", m); + crate::log::trace!("sending new stateful ticket {:?}", m); self.handshake.transcript.add_message(&m); sess.common.send_msg(m, true); } else { - trace!("resumption not available; not issuing ticket"); + crate::log::trace!("resumption not available; not issuing ticket"); } } } @@ -1760,7 +1760,7 @@ impl State for ExpectTLS13Finished { let fin = constant_time::verify_slices_are_equal(&expect_verify_data, &finished.0) .map_err(|_| { sess.common.send_fatal_alert(AlertDescription::DecryptError); - warn!("Finished wrong"); + crate::log::warn!("Finished wrong"); TLSError::DecryptError }) .map(|_| verify::FinishedMessageVerified::assertion())?; diff --git a/src/server/mod.rs b/src/server/mod.rs index 56a9bc7470..18de831922 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -307,7 +307,7 @@ impl ServerSessionImpl { if self.common.is_tls13() && msg.is_content_type(ContentType::ChangeCipherSpec) && self.is_handshaking() { - trace!("Dropping CCS"); + crate::log::trace!("Dropping CCS"); return Ok(()); } diff --git a/src/session.rs b/src/session.rs index 7f1bff6eac..4676747c7f 100644 --- a/src/session.rs +++ b/src/session.rs @@ -547,12 +547,12 @@ impl SessionCommon { if self.is_tls13() { self.send_fatal_alert(AlertDescription::DecodeError); } else { - warn!("TLS alert warning received: {:#?}", msg); + crate::log::warn!("TLS alert warning received: {:#?}", msg); return Ok(()); } } - error!("TLS alert received: {:#?}", msg); + crate::log::error!("TLS alert received: {:#?}", msg); Err(TLSError::AlertReceived(alert.description)) } else { Err(TLSError::CorruptMessagePayload(ContentType::Alert)) @@ -776,19 +776,19 @@ impl SessionCommon { } pub fn send_warning_alert(&mut self, desc: AlertDescription) { - warn!("Sending warning alert {:?}", desc); + crate::log::warn!("Sending warning alert {:?}", desc); self.send_warning_alert_no_log(desc); } pub fn send_fatal_alert(&mut self, desc: AlertDescription) { - warn!("Sending fatal alert {:?}", desc); + crate::log::warn!("Sending fatal alert {:?}", desc); let m = Message::build_alert(AlertLevel::Fatal, desc); let enc = self.we_encrypting; self.send_msg(m, enc); } pub fn send_close_notify(&mut self) { - info!("Sending warning alert {:?}", AlertDescription::CloseNotify); + crate::log::info!("Sending warning alert {:?}", AlertDescription::CloseNotify); self.send_warning_alert_no_log(AlertDescription::CloseNotify); } @@ -799,7 +799,7 @@ impl SessionCommon { // Mustn't be interleaved with other handshake messages. if !self.handshake_joiner.is_empty() { let msg = "KeyUpdate received at wrong time".to_string(); - warn!("{}", msg); + crate::log::warn!("{}", msg); return Err(TLSError::PeerMisbehavedError(msg)); } diff --git a/src/verify.rs b/src/verify.rs index bb175d44a4..83ec0b4265 100644 --- a/src/verify.rs +++ b/src/verify.rs @@ -107,7 +107,7 @@ impl ServerCertVerifier for WebPKIVerifier { .map(|_| cert)?; if !ocsp_response.is_empty() { - debug!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); + crate::log::debug!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); } cert.verify_is_valid_for_dns_name(dns_name) @@ -381,7 +381,7 @@ pub fn verify_scts(cert: &Certificate, for sct in scts { match sct::verify_sct(&cert.0, &sct.0, now, logs) { Ok(index) => { - debug!("Valid SCT signed by {} on {}", + crate::log::debug!("Valid SCT signed by {} on {}", logs[index].operated_by, logs[index].description); valid_scts += 1; } @@ -389,7 +389,7 @@ pub fn verify_scts(cert: &Certificate, if e.should_be_fatal() { return Err(TLSError::InvalidSCT(e)); } - debug!("SCT ignored because {:?}", e); + crate::log::debug!("SCT ignored because {:?}", e); last_sct_error = Some(e); } } @@ -398,7 +398,7 @@ pub fn verify_scts(cert: &Certificate, /* If we were supplied with some logs, and some SCTs, * but couldn't verify any of them, fail the handshake. */ if !logs.is_empty() && !scts.is_empty() && valid_scts == 0 { - warn!("No valid SCTs provided"); + crate::log::warn!("No valid SCTs provided"); return Err(TLSError::InvalidSCT(last_sct_error.unwrap())); }