Commit 2cf0e317 authored by Kyle Nekritz's avatar Kyle Nekritz Committed by Facebook Github Bot 3

Log SSL alerts received on the server.

Summary: Alerts may be sent by clients, potentially letting us know why connections fail.

Reviewed By: siyengar

Differential Revision: D3117395

fb-gh-sync-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2
fbshipit-source-id: bddf51f2399eb9e7e397981d5440adb3e815d6d2
parent f30ed164
...@@ -1586,11 +1586,19 @@ int AsyncSSLSocket::eorAwareSSLWrite(SSL *ssl, const void *buf, int n, ...@@ -1586,11 +1586,19 @@ int AsyncSSLSocket::eorAwareSSLWrite(SSL *ssl, const void *buf, int n,
return n; return n;
} }
void AsyncSSLSocket::sslInfoCallback(const SSL* ssl, int where, int /* ret */) { void AsyncSSLSocket::sslInfoCallback(const SSL* ssl, int where, int ret) {
AsyncSSLSocket *sslSocket = AsyncSSLSocket::getFromSSL(ssl); AsyncSSLSocket *sslSocket = AsyncSSLSocket::getFromSSL(ssl);
if (sslSocket->handshakeComplete_ && (where & SSL_CB_HANDSHAKE_START)) { if (sslSocket->handshakeComplete_ && (where & SSL_CB_HANDSHAKE_START)) {
sslSocket->renegotiateAttempted_ = true; sslSocket->renegotiateAttempted_ = true;
} }
if (where & SSL_CB_READ_ALERT) {
const char* type = SSL_alert_type_string(ret);
if (type) {
const char* desc = SSL_alert_desc_string(ret);
sslSocket->alertsReceived_.emplace_back(
*type, StringPiece(desc, std::strlen(desc)));
}
}
} }
int AsyncSSLSocket::eorAwareBioWrite(BIO *b, const char *in, int inl) { int AsyncSSLSocket::eorAwareBioWrite(BIO *b, const char *in, int inl) {
......
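Review bot: The new `SSL_CB_READ_ALERT` branch appends to `alertsReceived_` on every alert with no upper bound, and warning-level alerts do not terminate the connection, so a peer that keeps sending them grows this vector for the lifetime of the socket; a cap such as `if (sslSocket->alertsReceived_.size() < kMaxAlertsLogged) {` (constant to be chosen) around the `emplace_back` keeps the per-connection cost fixed. The null handling is also asymmetric: `type` is tested but `desc` is passed straight to `std::strlen`; as far as I know both OpenSSL helpers return a static string for every value (an "unknown" code rather than nullptr), so either drop the check or apply it to both pointers. The whole of `sslInfoCallback` is visible in this hunk.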
...@@ -625,6 +625,19 @@ class AsyncSSLSocket : public virtual AsyncSocket { ...@@ -625,6 +625,19 @@ class AsyncSSLSocket : public virtual AsyncSocket {
return sigAlgs; return sigAlgs;
} }
std::string getSSLAlertsReceived() const {
std::string ret;
for (const auto& alert : alertsReceived_) {
if (!ret.empty()) {
ret.append(",");
}
ret.append(folly::to<std::string>(alert.first, ": ", alert.second));
}
return ret;
}
/** /**
* Get the list of shared ciphers between the server and the client. * Get the list of shared ciphers between the server and the client.
* Works well for only SSLv2, not so good for SSLv3 or TLSv1. * Works well for only SSLv2, not so good for SSLv3 or TLSv1.
...@@ -842,6 +855,7 @@ class AsyncSSLSocket : public virtual AsyncSocket { ...@@ -842,6 +855,7 @@ class AsyncSSLSocket : public virtual AsyncSocket {
bool cacheAddrOnFailure_{false}; bool cacheAddrOnFailure_{false};
bool bufferMovableEnabled_{false}; bool bufferMovableEnabled_{false};
std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_; std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
std::vector<std::pair<char, StringPiece>> alertsReceived_;
// Time taken to complete the ssl handshake. // Time taken to complete the ssl handshake.
std::chrono::steady_clock::time_point handshakeStartTime_; std::chrono::steady_clock::time_point handshakeStartTime_;
......
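Review bot: `alertsReceived_` stores `StringPiece`s that view whatever `SSL_alert_desc_string` returned, so the member is only safe because OpenSSL hands back static strings; that lifetime assumption should be stated at the declaration, e.g. `// Views into OpenSSL's static alert-description strings; does not own them.` `getSSLAlertsReceived` is also the only method in this section without a `/** ... */` block like its neighbours; something such as `/** Alerts received so far, comma-separated as "type: desc" (type is the character from SSL_alert_type_string). */` would match the header's style. Since the list is only ever appended to and read back as a string, a note on whether it is meant to be bounded would help callers logging it.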