Enhance ssl log #1607

Merged
merged 6 commits into from
Jul 6, 2024
@michaelortmann michaelortmann commented Jun 10, 2024

Found by: Robby-
Patch by: michaelortmann
Fixes:

One-line summary:
Enhance ssl log

Additional description (if needed):
Fixes part of #86
Also add more error handling (BIO_new())

Test cases demonstrating functionality (if applicable):
Test with linking share bot BotB to BotA

Esp. notice the changed log lines below:

[11:25:56] TLS: Received close notify during read
[11:25:56] net: SSL_read(): received shutdown sock 9

instead of

[11:24:36] Received close notify warning during read
[11:24:36] net: eof!(read) socket 9

And on BotA:

[11:25:56] TLS: accept loop: [...]

is logged while on BotB:

[11:25:56] TLS: connect loop: [...]

Before:

.link BotA
[11:24:34] tcl: builtin dcc call: *dcc:link -HQ 1 BotA
[11:24:34] #-HQ# link BotA
[11:24:34] Linking to BotA at 127.0.0.1:3343 ...
[11:24:34] net: open_telnet_raw(): idx 3 host 127.0.0.1 ip 127.0.0.1 port 3343 ssl 1
[11:24:35] TLS: attempting SSL negotiation...
[11:24:35] TLS: setting the server name indication (SNI) to 127.0.0.1 successful
[11:24:35] TLS: state change: before SSL initialization
[11:24:35] TLS: state change: before SSL initialization
[11:24:35] TLS: state change: SSLv3/TLS write client hello
[11:24:35] TLS: awaiting more reads
[11:24:35] TLS: handshake in progress
[11:24:35] TLS: state change: SSLv3/TLS write client hello
[11:24:35] TLS: state change: SSLv3/TLS read server hello
[11:24:35] TLS: state change: TLSv1.3 read encrypted extensions
[11:24:35] TLS: state change: SSLv3/TLS read server certificate request
[11:24:35] TLS: peer certificate warning: self-signed certificate
[11:24:35] TLS: peer certificate warning: certificate has expired
[11:24:35] TLS: peer certificate warning: certificate has expired
[11:24:35] TLS: state change: SSLv3/TLS read server certificate
[11:24:35] TLS: state change: TLSv1.3 read server certificate verify
[11:24:35] TLS: state change: SSLv3/TLS read finished
[11:24:35] TLS: state change: SSLv3/TLS write change cipher spec
[11:24:35] TLS: state change: SSLv3/TLS write client certificate
[11:24:35] TLS: state change: SSLv3/TLS write certificate verify
[11:24:35] TLS: state change: SSLv3/TLS write finished
[11:24:35] TLS: handshake successful. Secure connection established.
[11:24:35] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:35] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:35] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:24:35] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:24:35] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:24:35] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:24:35] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:24:35] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSLv3/TLS read server session ticket
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSLv3/TLS read server session ticket
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] Received challenge from BotA... sending response ...
[11:24:35] Linked to BotA.
[11:24:35] Downloading user file from BotA
[11:24:36] TLS: attempting SSL negotiation...
[11:24:36] TLS: not setting the server name indication (SNI) because host is an empty string
[11:24:36] TLS: state change: before SSL initialization
[11:24:36] TLS: state change: before SSL initialization
[11:24:36] TLS: state change: SSLv3/TLS write client hello
[11:24:36] TLS: awaiting more reads
[11:24:36] TLS: handshake in progress
[11:24:36] TLS: state change: SSLv3/TLS write client hello
[11:24:36] TLS: state change: SSLv3/TLS read server hello
[11:24:36] TLS: state change: TLSv1.3 read encrypted extensions
[11:24:36] TLS: state change: SSLv3/TLS read server certificate request
[11:24:36] TLS: peer certificate warning: self-signed certificate
[11:24:36] TLS: peer certificate warning: certificate has expired
[11:24:36] TLS: peer certificate warning: certificate has expired
[11:24:36] TLS: state change: SSLv3/TLS read server certificate
[11:24:36] TLS: state change: TLSv1.3 read server certificate verify
[11:24:36] TLS: state change: SSLv3/TLS read finished
[11:24:36] TLS: state change: SSLv3/TLS write change cipher spec
[11:24:36] TLS: state change: SSLv3/TLS write client certificate
[11:24:36] TLS: state change: SSLv3/TLS write certificate verify
[11:24:36] TLS: state change: SSLv3/TLS write finished
[11:24:36] TLS: handshake successful. Secure connection established.
[11:24:36] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:36] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:36] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:24:36] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:24:36] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:24:36] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:24:36] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:24:36] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:24:36] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:24:36] net: connect! sock 9
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSLv3/TLS read server session ticket
[11:24:36] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSLv3/TLS read server session ticket
[11:24:36] Received close notify warning during read
[11:24:36] net: eof!(read) socket 9
[11:24:36] Userfile loaded, unpacking...
[11:24:36] Userlist transfer complete; switched over.
[11:24:36] Received close notify warning during write

After:

.link BotA
[11:25:54] tcl: builtin dcc call: *dcc:link -HQ 1 BotA
[11:25:54] #-HQ# link BotA
[11:25:54] Linking to BotA at 127.0.0.1:3343 ...
[11:25:54] net: open_telnet_raw(): idx 3 host 127.0.0.1 ip 127.0.0.1 port 3343 ssl 1
[11:25:55] TLS: attempting SSL negotiation...
[11:25:55] TLS: setting the server name indication (SNI) to 127.0.0.1 successful
[11:25:55] TLS: handshake start: before SSL initialization
[11:25:55] TLS: connect loop: before SSL initialization
[11:25:55] TLS: connect loop: SSLv3/TLS write client hello
[11:25:55] TLS: awaiting more reads
[11:25:55] TLS: handshake in progress
[11:25:55] TLS: connect loop: SSLv3/TLS write client hello
[11:25:55] TLS: connect loop: SSLv3/TLS read server hello
[11:25:55] TLS: connect loop: TLSv1.3 read encrypted extensions
[11:25:55] TLS: connect loop: SSLv3/TLS read server certificate request
[11:25:55] TLS: peer certificate warning: self-signed certificate
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: connect loop: SSLv3/TLS read server certificate
[11:25:55] TLS: connect loop: TLSv1.3 read server certificate verify
[11:25:55] TLS: connect loop: SSLv3/TLS read finished
[11:25:55] TLS: connect loop: SSLv3/TLS write change cipher spec
[11:25:55] TLS: connect loop: SSLv3/TLS write client certificate
[11:25:55] TLS: connect loop: SSLv3/TLS write certificate verify
[11:25:55] TLS: connect loop: SSLv3/TLS write finished
[11:25:55] TLS: handshake successful. Secure connection established.
[11:25:55] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:55] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:55] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:25:55] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:25:55] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:25:55] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:25:55] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:25:55] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] Received challenge from BotA... sending response ...
[11:25:55] Linked to BotA.
[11:25:55] Downloading user file from BotA
[11:25:56] TLS: attempting SSL negotiation...
[11:25:56] TLS: not setting the server name indication (SNI) because host is an empty string
[11:25:56] TLS: handshake start: before SSL initialization
[11:25:56] TLS: connect loop: before SSL initialization
[11:25:56] TLS: connect loop: SSLv3/TLS write client hello
[11:25:56] TLS: awaiting more reads
[11:25:56] TLS: handshake in progress
[11:25:56] TLS: connect loop: SSLv3/TLS write client hello
[11:25:56] TLS: connect loop: SSLv3/TLS read server hello
[11:25:56] TLS: connect loop: TLSv1.3 read encrypted extensions
[11:25:56] TLS: connect loop: SSLv3/TLS read server certificate request
[11:25:56] TLS: peer certificate warning: self-signed certificate
[11:25:56] TLS: peer certificate warning: certificate has expired
[11:25:56] TLS: peer certificate warning: certificate has expired
[11:25:56] TLS: connect loop: SSLv3/TLS read server certificate
[11:25:56] TLS: connect loop: TLSv1.3 read server certificate verify
[11:25:56] TLS: connect loop: SSLv3/TLS read finished
[11:25:56] TLS: connect loop: SSLv3/TLS write change cipher spec
[11:25:56] TLS: connect loop: SSLv3/TLS write client certificate
[11:25:56] TLS: connect loop: SSLv3/TLS write certificate verify
[11:25:56] TLS: connect loop: SSLv3/TLS write finished
[11:25:56] TLS: handshake successful. Secure connection established.
[11:25:56] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:56] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:56] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:25:56] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:25:56] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:25:56] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:25:56] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:25:56] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] net: connect! sock 9
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] TLS: Received close notify during read
[11:25:56] net: SSL_read(): received shutdown sock 9
[11:25:56] Userfile loaded, unpacking...
[11:25:56] Userlist transfer complete; switched over.
[11:25:56] TLS: Received close notify warning during write

@vanosg vanosg added this to the v1.10.0 milestone Jul 6, 2024
@vanosg vanosg merged commit ffb125c into eggheads:develop Jul 6, 2024
2 checks passed
@michaelortmann michaelortmann deleted the ssl.log branch July 6, 2024 19:39
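
An added example (not part of the pull request or Eggdrop's code): a small triage script over the new log format shown above. It groups `TLS:` lines into handshakes, records whether the bot acted as client (`connect loop`) or server (`accept loop`), and lists handshakes that completed despite peer certificate warnings. It assumes handshakes are logged one after another, since the TLS lines carry no socket id; the sample lines are constructed from the format above.

```python
import re

# Constructed sample, shortened from the "After" log format shown above.
SAMPLE_LOG = """\
[11:25:55] TLS: attempting SSL negotiation...
[11:25:55] TLS: handshake start: before SSL initialization
[11:25:55] TLS: connect loop: SSLv3/TLS write client hello
[11:25:55] TLS: peer certificate warning: self-signed certificate
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: handshake successful. Secure connection established.
[11:25:56] TLS: attempting SSL negotiation...
[11:25:56] TLS: accept loop: SSLv3/TLS read client hello
[11:25:56] TLS: handshake successful. Secure connection established.
[11:25:56] TLS: Received close notify during read
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] TLS: (.*)$")

def summarize(log_text):
    """Split TLS log lines into handshakes and summarize each one."""
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without the "TLS:" prefix (net:, sockread, ...)
        ts, msg = m.groups()
        if msg.startswith("attempting SSL negotiation"):
            sessions.append({"start": ts, "role": None, "warnings": [],
                             "established": False, "close_notify": False})
            continue
        if not sessions:
            continue  # TLS line seen before any negotiation started
        s = sessions[-1]
        if msg.startswith(("connect loop:", "accept loop:")):
            s["role"] = "client" if msg.startswith("connect") else "server"
        elif msg.startswith("peer certificate warning: "):
            w = msg.split(": ", 1)[1]
            if w not in s["warnings"]:  # the log repeats some warnings
                s["warnings"].append(w)
        elif msg.startswith("handshake successful"):
            s["established"] = True
        elif msg.startswith("Received close notify"):
            s["close_notify"] = True
    return sessions

def risky(sessions):
    """Handshakes that completed although certificate verification complained."""
    return [s for s in sessions if s["established"] and s["warnings"]]
```

Lines in the old format, such as `Received close notify warning during read` without the `TLS:` prefix, are not matched, which is one practical effect of the prefix this change adds.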