From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 10 Dec 2020 16:03:11 +0000 (+0100)
Subject: MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.
X-Git-Tag: v2.4-dev5~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=47c433fdcb8d90f63179a54db907a5ae6c276197;p=thirdparty%2Fhaproxy.git

MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.

At least displays the SSL alert error code passed to ->ssl_send_alert()
QUIC BIO method and the SSL encryption level. This function is newly called
when using picoquic client with a recent version of BoringSSL (Nov 19 2020).
This is not the case with OpenSSL with 32 as QUIC draft implementation.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index e4e6b629d4..16c8c43527 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -519,6 +519,17 @@ static void quic_trace(enum trace_level level, uint64_t mask, const struct trace
 				              (unsigned long long)pkt->cdata_len);
 			}
 		}
+
+		if (mask & QUIC_EV_CONN_SSLALERT) {
+			const uint8_t *alert = a2;
+			const enum ssl_encryption_level_t *level = a3;
+
+			if (alert)
+				chunk_appendf(&trace_buf, " alert=0x%02x", *alert);
+			if (level)
+				chunk_appendf(&trace_buf, " el=%c",
+				              quic_enc_level_char(ssl_to_quic_enc_level(*level)));
+		}
 	}
 	if (mask & QUIC_EV_CONN_LPKT) {
 		const struct quic_rx_packet *pkt = a2;
@@ -847,8 +858,7 @@ int ha_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t aler
 {
 	struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
 
-	TRACE_ENTER(QUIC_EV_CONN_SSLALERT, conn);
-	TRACE_LEAVE(QUIC_EV_CONN_SSLALERT, conn);
+	TRACE_DEVEL("SSL alert", QUIC_EV_CONN_SSLALERT, conn, &alert, &level);
 	return 1;
 }