Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(610)

Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2704623002: Add non-application-data SSL messages to NetLog. (Closed)
Patch Set: tweak comment Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_impl.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 3b29d415746d4c94c8bdb75f8186429d9f85487e..a5f1bbc4c563e5b5f3dc69242f49a42bceaa33dd 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -255,6 +255,43 @@ bssl::UniquePtr<CRYPTO_BUFFER> OSCertHandleToBuffer(
}
#endif
+std::unique_ptr<base::Value> NetLogSSLAlertCallback(
+ const void* bytes,
+ size_t len,
+ NetLogCaptureMode capture_mode) {
+ std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+ dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, len));
+ return std::move(dict);
+}
+
+std::unique_ptr<base::Value> NetLogSSLMessageCallback(
+ bool is_write,
+ const void* bytes,
+ size_t len,
+ NetLogCaptureMode capture_mode) {
+ std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+ if (len == 0) {
+ NOTREACHED();
+ return std::move(dict);
+ }
+
+ // The handshake message type is the first byte. Include it so elided messages
+ // still report their type.
+ uint8_t type = reinterpret_cast<const uint8_t*>(bytes)[0];
+ dict->SetInteger("type", type);
+
+ // Elide client certificate messages unless logging socket bytes. The client
+ // certificate does not contain information needed to impersonate the user
+ // (that's the private key which isn't sent over the wire), but it may contain
+ // information on the user's identity.
+ if (!is_write || type != SSL3_MT_CERTIFICATE ||
+ capture_mode.include_socket_bytes()) {
+ dict->SetString("hex_encoded_bytes", base::HexEncode(bytes, len));
+ }
+
+ return std::move(dict);
+}
+
} // namespace
class SSLClientSocketImpl::SSLContext {
@@ -315,6 +352,8 @@ class SSLClientSocketImpl::SSLContext {
// Deduplicate all certificates minted from the SSL_CTX in memory.
SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool());
+ SSL_CTX_set_msg_callback(ssl_ctx_.get(), MessageCallback);
+
if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
&TokenBindingAddCallback,
&TokenBindingFreeCallback, nullptr,
@@ -405,6 +444,17 @@ class SSLClientSocketImpl::SSLContext {
}
#endif
+ static void MessageCallback(int is_write,
+ int version,
+ int content_type,
+ const void* buf,
+ size_t len,
+ SSL* ssl,
+ void* arg) {
+ SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+ return socket->MessageCallback(is_write, content_type, buf, len);
+ }
+
// This is the index used with SSL_get_ex_data to retrieve the owner
// SSLClientSocketImpl object from an SSL instance.
int ssl_socket_data_index_;
@@ -1812,6 +1862,27 @@ void SSLClientSocketImpl::OnPrivateKeyComplete(
RetryAllOperations();
}
+void SSLClientSocketImpl::MessageCallback(int is_write,
+ int content_type,
+ const void* buf,
+ size_t len) {
+ switch (content_type) {
+ case SSL3_RT_ALERT:
+ net_log_.AddEvent(is_write ? NetLogEventType::SSL_ALERT_SENT
+ : NetLogEventType::SSL_ALERT_RECEIVED,
+ base::Bind(&NetLogSSLAlertCallback, buf, len));
+ break;
+ case SSL3_RT_HANDSHAKE:
+ net_log_.AddEvent(
+ is_write ? NetLogEventType::SSL_HANDSHAKE_MESSAGE_SENT
+ : NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED,
+ base::Bind(&NetLogSSLMessageCallback, !!is_write, buf, len));
+ break;
+ default:
+ return;
+ }
+}
+
int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out,
size_t* out_len,
int* out_alert_value) {
« no previous file with comments | « net/socket/ssl_client_socket_impl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698