From: Remi Tricot-Le Breton Date: Tue, 15 Jul 2025 08:45:10 +0000 (+0200) Subject: MINOR: ssl: Dump ciphers and sigalgs details in trace with 'advanced' verbosity X-Git-Tag: v3.3-dev4~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=665b7d4fa950cbeccd690c157066af69fcabf77c;p=thirdparty%2Fhaproxy.git MINOR: ssl: Dump ciphers and sigalgs details in trace with 'advanced' verbosity The contents of the extensions were only dumped with verbosity 'complete' which meant that the 'advanced' verbosity was pretty much useless despite what its name implies (it was the same as the 'simple' one). The 'advanced' verbosity is now the "maximum" one, using 'complete' would not add any extra information yet, but it leaves more room for some actually large traces to be dumped later on (some complete ClientHello dumps for instance).
---
diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 131c919c5..2befabd73 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -346,7 +346,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 has_rsa_sig = 1;
 }
- if ((TRACE_SOURCE)->verbosity > SSL_VERB_ADVANCED) {
+ if ((TRACE_SOURCE)->verbosity >= SSL_VERB_ADVANCED) {
 if (TRACE_ENABLED(TRACE_LEVEL_DATA, SSL_EV_CONN_CIPHERS_EXT, conn, 0, 0, 0)) {
 const uint8_t *cipher_suites;
 size_t len;
diff --git a/src/ssl_trace.c b/src/ssl_trace.c
index 3967414a1..ed67a5860 100644
--- a/src/ssl_trace.c
+++ b/src/ssl_trace.c
@@ -202,7 +202,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 }
 }
- if (mask & SSL_EV_CONN_CHOOSE_SNI_CTX && src->verbosity > SSL_VERB_ADVANCED) {
+ if (mask & SSL_EV_CONN_CHOOSE_SNI_CTX && src->verbosity >= SSL_VERB_ADVANCED) {
 if (a2) {
 const char *servername = a2;
 chunk_appendf(&trace_buf, " : servername=\"%s\"", servername);
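Review bot: The verbosity gate in ssl_sock_switchctx_cbk(), `if ((TRACE_SOURCE)->verbosity >= SSL_VERB_ADVANCED)`, has to stay identical to the `src->verbosity >= SSL_VERB_ADVANCED` tests in ssl_trace(), and nothing in the code says so; this commit had to change five comparisons in lockstep. A comment above the gate would make the coupling explicit, for example `/* must match the verbosity tests in ssl_trace(); avoids parsing extensions that would not be printed */` (the stated purpose is inferred from the TRACE_ENABLED() check that follows). The function body starts and ends outside the hunk.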
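Review bot: In the SSL_EV_CONN_CHOOSE_SNI_CTX branch of ssl_trace(), `servername` is written with `chunk_appendf(&trace_buf, " : servername=\"%s\"", servername)` and no escaping is visible in the hunk. If a2 carries the SNI as received from the client (this cannot be confirmed from the lines shown), a name containing `"` or control characters could split or forge trace lines, and the new `>=` makes this output appear at 'advanced' instead of only at 'complete'. Escaping non-printable characters and quotes before appending, or a comment at the call site stating that the name is already sanitised, would close the question. ssl_trace() continues outside the hunk.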
@@ -215,7 +215,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 }
 }
- if (mask & SSL_EV_CONN_SIGALG_EXT && src->verbosity > SSL_VERB_ADVANCED) {
+ if (mask & SSL_EV_CONN_SIGALG_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
 if (a2 && a3) {
 const uint16_t *extension_data = a2;
 size_t extension_len = *((size_t*)a3);
@@ -245,7 +245,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 }
 }
- if (mask & SSL_EV_CONN_CIPHERS_EXT && src->verbosity > SSL_VERB_ADVANCED) {
+ if (mask & SSL_EV_CONN_CIPHERS_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
 if (a2 && a3 && a4) {
 SSL *ssl = (SSL*)a2;
 const uint16_t *extension_data = a3;
@@ -277,7 +277,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_
 }
 }
- if (mask & SSL_EV_CONN_CURVES_EXT && src->verbosity > SSL_VERB_ADVANCED) {
+ if (mask & SSL_EV_CONN_CURVES_EXT && src->verbosity >= SSL_VERB_ADVANCED) {
 if (a2 && a3) {
 const uint16_t *extension_data = a2;
 size_t extension_len = *((size_t*)a3);
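Review bot: The SSL_EV_CONN_SIGALG_EXT branch reads the extension through `const uint16_t *extension_data = a2;`, and the SSL_EV_CONN_CIPHERS_EXT and SSL_EV_CONN_CURVES_EXT branches in the two following hunks do the same; with `>=` these reads now run at 'advanced' verbosity. The caller in ssl_clienthello.c holds the cipher list as `const uint8_t *`, which suggests raw ClientHello bytes with no 2-byte alignment guarantee and in network byte order; the loops that consume the data are outside the hunks, so this may already be handled. If it is not, keep a `const uint8_t *p` and build each value as `uint16_t id = (uint16_t)((p[0] << 8) | p[1]);`, stopping when fewer than two bytes remain. Separately, `*((size_t*)a3)` appears to drop a const qualifier and would read better as `*(const size_t *)a3`.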