Log SSL alerts received on the server.

Summary: Alerts may be sent by clients, potentially letting us know why connections fail. Reviewed By: siyengar Differential Revision: D3117395 fb-gh-sync-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2 fbshipit-source-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2

Log SSL alerts received on the server.
Summary: Alerts may be sent by clients, potentially letting us know why connections fail. Reviewed By: siyengar Differential Revision: D3117395 fb-gh-sync-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2 fbshipit-source-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2
2cf0e317 · Kyle Nekritz · Facebook Github Bot 3 · f30ed164 · 2cf0e317 · 2cf0e317
Commit 2cf0e317 authored Mar 31, 2016 by Kyle Nekritz Committed by Facebook Github Bot 3 Mar 31, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 1 deletion

folly/io/async/AsyncSSLSocket.cpp folly/io/async/AsyncSSLSocket.cpp +9 -1

folly/io/async/AsyncSSLSocket.h folly/io/async/AsyncSSLSocket.h +14 -0

No files found.
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -1586,11 +1586,19 @@ int AsyncSSLSocket::eorAwareSSLWrite(SSL *ssl, const void *buf, int n,
  return n;
 }

-void AsyncSSLSocket::sslInfoCallback(const SSL* ssl, int where, int /* ret */) {
+void AsyncSSLSocket::sslInfoCallback(const SSL* ssl, int where, int ret) {
  AsyncSSLSocket *sslSocket = AsyncSSLSocket::getFromSSL(ssl);
  if (sslSocket->handshakeComplete_ && (where & SSL_CB_HANDSHAKE_START)) {
    sslSocket->renegotiateAttempted_ = true;
  }
+  if (where & SSL_CB_READ_ALERT) {
+    const char* type = SSL_alert_type_string(ret);
+    if (type) {
+      const char* desc = SSL_alert_desc_string(ret);
+      sslSocket->alertsReceived_.emplace_back(
+          *type, StringPiece(desc, std::strlen(desc)));
+    }
+  }
 }

 int AsyncSSLSocket::eorAwareBioWrite(BIO *b, const char *in, int inl) {

--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -625,6 +625,19 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    return sigAlgs;
  }

+  std::string getSSLAlertsReceived() const {
+    std::string ret;
+
+    for (const auto& alert : alertsReceived_) {
+      if (!ret.empty()) {
+        ret.append(",");
+      }
+      ret.append(folly::to<std::string>(alert.first, ": ", alert.second));
+    }
+
+    return ret;
+  }
+
  /**
   * Get the list of shared ciphers between the server and the client.
   * Works well for only SSLv2, not so good for SSLv3 or TLSv1.
@@ -842,6 +855,7 @@ class AsyncSSLSocket : public virtual AsyncSocket {
  bool cacheAddrOnFailure_{false};
  bool bufferMovableEnabled_{false};
  std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
+  std::vector<std::pair<char, StringPiece>> alertsReceived_;

  // Time taken to complete the ssl handshake.
  std::chrono::steady_clock::time_point handshakeStartTime_;