From patchwork Mon Nov 20 11:28:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "its_Giaan (Code Review)" X-Patchwork-Id: 3456 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:50e4:b0:f2:62eb:61c1 with SMTP id r4csp2199972dyd; Mon, 20 Nov 2023 03:29:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IF8aTahJD0vyBH2pfRWq6ufDXNdvttixSWQ/GCLav0ofR1zG12i6mjQZx3Nny9ILtVNjfJ0 X-Received: by 2002:a17:90b:a4d:b0:281:2d56:e751 with SMTP id gw13-20020a17090b0a4d00b002812d56e751mr7358421pjb.0.1700479741421; Mon, 20 Nov 2023 03:29:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700479741; cv=none; d=google.com; s=arc-20160816; b=qzYG70m0fOcGUB/F9yw5Jo47PJMNWKvxNp0Bow1c9XRrmyWGsEmgWzKgBJSedrHm0B 8k+1gOzSODkuQj++QsTZrmILpc3iyv/O+W8ntkKJsXZmlkMnQcLAAEXbf7ANHs8JO/Pl SW/VheTKGVkutpkDoWhrSx5A0aV2jppFRW5ss3bAAXZ8Kioj1qZ4iY7SkJuycnF/N+yh e91AQk+m9T1PDLajYNgE5jXEaybjbhCngZuD8sd9cX7gM5IkMeIwY6+C29HUJSEG2Cv6 GKSIXV3Aif5We3qMDbY4b1O6W62Asi23NZ5F6U5ksL5PkrV7EkhSKPpAWK8/WvB+Wp10 WoPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=bHaerOso/sIwi8YuRqJdMO6onkZRVW/3ZXg0MVvd5Oc=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=dttCwtBTSp8JLEDeJWLVKaL7sOnMzeYW4LCE68x66omK0llSp/4l4KiLks1fLTzr2F zKkgNwkzYlD8m+gcFJpMkVyIrMmP3ljTApRF+kn9/BnxQZt8QWxoI/1QoAfR3oubg1Ym bCYatRXCRzwIhRMyQizAvopcXw9Lvzh61RCelukJCtq027EmIs01tZ8U5rMTFO+KKDVH q8ATwQP6dzNnDrZBTuBI3OWbAXbjBemzN1NvBOdQH83fIVNF+2QssKwOIy0ytzBBoZau CV2r8KYQ+2HeGU35+ieV2Xu/HZwmjZRyf4VRNNy3y/WjEkFIOoTA9TkZoJensQkto4QS ah/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=NsokA3+2; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NrKhvmOa; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=Qtz2tj1n; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id mf13-20020a17090b184d00b002801ac582d0si8332040pjb.185.2023.11.20.03.29.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Nov 2023 03:29:01 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=NsokA3+2; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NrKhvmOa; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=Qtz2tj1n; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1r52Rr-0003zZ-Dp; Mon, 20 Nov 2023 11:28:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1r52Rm-0003zP-TI for openvpn-devel@lists.sourceforge.net; Mon, 20 Nov 2023 11:28:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8sh0RH0TpZ21M1Kdo7DvsEzBXKZI9HQLTVHRKj69cak=; b=NsokA3+24KLK4L5je1GrJfHt8r B5PeHow3OzpkDgpIkrDnauybOiFZsiOb2g/KuGoAYQ1VmRrqZZrC3J4Tzn+49q7IsisNWkxmOGhBC lmyRu4zwlqx9IXTrg5+yy9ftSFx665GTpfOjFAvr1LckLWw+BcqLlq23+OjHhTZ+ewFo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=8sh0RH0TpZ21M1Kdo7DvsEzBXKZI9HQLTVHRKj69cak=; b=N rKhvmOahL9OtRgWh5LupGeqOYGbx5XaX3ZOyDTgHclkMuw5JTH9ieoyNBtrQrs1lvGEwAMtyrKFQG h7UWkzyWYCzqZ8ialTi8G3HglFLpldV7s1C+L3kBbdxgDPN7w5Ps4YqZZuuS7BG1CpJReEzJLt7dd w+MPEE7G5OU7Z7CQ=; Received: from mail-wm1-f41.google.com ([209.85.128.41]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1r52Rk-0000w0-Mj for openvpn-devel@lists.sourceforge.net; Mon, 20 Nov 2023 11:28:09 +0000 Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-40a46ea95f0so16921055e9.2 for ; Mon, 20 Nov 2023 03:28:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1700479682; x=1701084482; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=8sh0RH0TpZ21M1Kdo7DvsEzBXKZI9HQLTVHRKj69cak=; b=Qtz2tj1nt/Sl981Wz2GL8OH4ZeFOBaYNXlsgE1ZzhuZeiaUpWpMsEyUqGeuDqlABFm PnFP7QrqxCy/M4GQLIsng0TW/qNKx8cAA3L4AHsKp2gn076nP9bvfth3j4RmU2XmLPOg 03e9doXwole+XL62BoFyXFJu/ra08Ezurq5zXG4js3uJXsFL67cawxlpkQ4IKzEZtbIH aU9/ow7eeiHAXXdMcQPOLfsdiAUYA8vyEE+mjc1LSXjM3woyEcEmKOGfCl0k5W+ITbdA oWDjoTvHOmFH0RfG065iytMNreSXO2GMOMPejWLHa1wM6WASwP+CXuPSKUVfLoZe8BCb hsXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700479682; x=1701084482; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8sh0RH0TpZ21M1Kdo7DvsEzBXKZI9HQLTVHRKj69cak=; b=Gwvcauk3KyDwgQxUboIJ/4nZkdxWhrwZG9psQ/3mvb2nsieVVXf0bqKHiGs+cSzvb4 tkDR7vogdEjIHfhHCYmJi6sBfvzJhMDHRNFKPUKlWKZet77XAGWVDdaO4EQ9HmmuZzgv fP/WbfchdMXXipU+Td+MoCcowG9Tytbi1Y2tSDcyNMKKhXXZMygl4J9xLJmWMUExp6kc 7/agvqlf+WzM8wmz4AEZBqphNRGC0KlWEr2Ty0VMAebfRhhIK5fbKe1TncpRDsjMzJnm 5gOV8Wt8KJj248I03fsgu12XV9+AYLcyLsg4QAbMPzpuMIHns3VJqaSz+rn8d4C61/y2 +QhA== X-Gm-Message-State: AOJu0YxeLvOs3EGKHt3bs+r0fOcS1QTwbkp2n+ufjlr5Nkf/1uJWuUYo 7seqR/Rmx9++DE9B8S7g5HQI4lVl8/Zh/TvjfsU= X-Received: by 2002:a05:600c:3147:b0:406:53ab:a9af with SMTP id h7-20020a05600c314700b0040653aba9afmr6983074wmo.10.1700479681895; Mon, 20 Nov 2023 03:28:01 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id h20-20020a05600c30d400b004060f0a0fdbsm17168545wmn.41.2023.11.20.03.28.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Nov 2023 03:28:01 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Mon, 20 Nov 2023 11:28:00 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I6bdab3028c9bd679c31d4177a746a3ea505dcbbf X-Gerrit-Change-Number: 448 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: b2718758d7aeafc4d77afd5e42124b50ff1aaf1b References: Message-ID: <3294243313900bdfd258abc4d47910884fa3aab9-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.41 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.41 listed in list.dnswl.org] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 T_SCC_BODY_TEXT_LINE No description available. 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1r52Rk-0000w0-Mj Subject: [Openvpn-devel] [XS] Change in openvpn[master]: Log SSL alerts more prominently X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1783082245295134086?= X-GMAIL-MSGID: =?utf-8?q?1783082245295134086?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/448?usp=email to review the following change. Change subject: Log SSL alerts more prominently ...................................................................... Log SSL alerts more prominently When we receive an SSL alert from a server we currently only log a very cryptic OpenSSL error message: OpenSSL: error:0A00042E:SSL routines::tlsv1 alert protocol version:SSL alert number 70 This also enables logging the much more readable SSL error message: Received fatal SSL alert: protocol version which previously needed --verb 8 to be displayed (now verb 3). Also rework the message to be better readable. Change-Id: I6bdab3028c9bd679c31d4177a746a3ea505dcbbf Signed-off-by: Arne Schwabe --- M src/openvpn/ssl_openssl.c 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/448/1 diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 23e7623..82872bf 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -196,8 +196,8 @@ } else if (where & SSL_CB_ALERT) { - dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s", - where & SSL_CB_READ ? "read" : "write", + dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s", + where & SSL_CB_READ ? "Received" : "Sent", SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); }