Improve debug logging of client hard reconnect

The current logging was sub-standard, in particular there was no trace
whatsoever of the HelloVerifyRequest being sent. Now it's being logged with
the usual levels: 4 for full content, 2 return of f_send, 1 decision about
sending it (or taking other branches in the same function) because that's the
same level as state changes in the handshake, and also same as the "possible
client reconnect" message" to which it's the logical continuation (what are we
doing about it?).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-03-31 12:07:47 +02:00
parent f4563b4c8b
commit 243d70f2a5

View File

@ -3219,6 +3219,8 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
{
/* If we can't use cookies to verify reachability of the peer,
* drop the record. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
"can't check reconnect validity" ) );
return( 0 );
}
@ -3234,16 +3236,23 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
int send_ret;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
ssl->out_buf, len );
/* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
(void) send_ret;
return( 0 );
}
if( ret == 0 )
{
/* Got a valid cookie, partially reset context */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
@ -4416,6 +4425,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
ssl->in_msglen = rec.data_len;
ret = ssl_check_client_reconnect( ssl );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
if( ret != 0 )
return( ret );
#endif