commit ac52c4be12399f58c66248a0a4d00434c4ab6b54
author Matt Caswell <matt@openssl.org> Fri Dec 02 17:14:59 2016 +0000
committer Matt Caswell <matt@openssl.org> Fri Jan 06 10:25:13 2017 +0000
tree 5c718b2fe6349bda21184e563452e609c68bd616
parent f63e42887271c61b1c803586a47ecbfa49243a0a

Update SSL_trace to understand TLSv1.3 Certificates

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

ssl/t1_trce.c

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 796759e..4681948 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -766,9 +766,11 @@
 }
 
 static int ssl_print_extensions(BIO *bio, int indent, int server,
-                                const unsigned char *msg, size_t msglen)
+                                const unsigned char **msgin, size_t *msglenin)
 {
-    size_t extslen;
+    size_t extslen, msglen = *msglenin;
+    const unsigned char *msg = *msgin;
+
     BIO_indent(bio, indent, 80);
     if (msglen == 0) {
         BIO_puts(bio, "No Extensions\n");
@@ -795,6 +797,9 @@
         msg += extlen;
         msglen -= extlen + 4;
     }
+
+    *msgin = msg;
+    *msglenin = msglen;
     return 1;
 }
 
@@ -848,7 +853,7 @@
         msglen--;
         len--;
     }
-    if (!ssl_print_extensions(bio, indent, 0, msg, msglen))
+    if (!ssl_print_extensions(bio, indent, 0, &msg, &msglen))
         return 0;
     return 1;
 }
@@ -893,7 +898,7 @@
         msg++;
         msglen--;
     }
-    if (!ssl_print_extensions(bio, indent, 1, msg, msglen))
+    if (!ssl_print_extensions(bio, indent, 1, &msg, &msglen))
         return 0;
     return 1;
 }
@@ -1089,10 +1094,16 @@
     return 1;
 }
 
-static int ssl_print_certificates(BIO *bio, int indent,
+static int ssl_print_certificates(BIO *bio, SSL *s, int server, int indent,
                                   const unsigned char *msg, size_t msglen)
 {
     size_t clen;
+
+    if (SSL_IS_TLS13(s)
+            && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
+        return 0;
+
+
     if (msglen < 3)
         return 0;
     clen = (msg[0] << 16) | (msg[1] << 8) | msg[2];
@@ -1104,6 +1115,9 @@
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
+        if (!ssl_print_extensions(bio, indent + 2, server, &msg, &clen))
+            return 0;
+
     }
     return 1;
 }
@@ -1203,7 +1217,7 @@
     return 1;
 }
 
-static int ssl_print_handshake(BIO *bio, SSL *ssl,
+static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
                                const unsigned char *msg, size_t msglen,
                                int indent)
 {
@@ -1259,7 +1273,7 @@
         break;
 
     case SSL3_MT_CERTIFICATE:
-        if (!ssl_print_certificates(bio, indent + 2, msg, msglen))
+        if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen))
             return 0;
         break;
 
@@ -1288,7 +1302,7 @@
         break;
 
     case SSL3_MT_ENCRYPTED_EXTENSIONS:
-        if (!ssl_print_extensions(bio, indent + 2, 1, msg, msglen))
+        if (!ssl_print_extensions(bio, indent + 2, 1, &msg, &msglen))
             return 0;
         break;
 
@@ -1338,7 +1352,8 @@
         }
         break;
     case SSL3_RT_HANDSHAKE:
-        if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
+        if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
+                                 msg, msglen, 4))
             BIO_printf(bio, "Message length parse error!\n");
         break;