Skip to content

Commit

Permalink
Log SSL alerts more prominently
Browse files Browse the repository at this point in the history
When we receive an SSL alert from a server we currently only log a
very cryptic OpenSSL error message:

   OpenSSL: error:0A00042E:SSL routines::tlsv1 alert protocol version:SSL alert number 70

This also enables logging the much more readable SSL error message:

   Received fatal SSL alert: protocol version

which previously needed --verb 8 to be displayed (now verb 3). Also rework the
message to be better readable.

Change-Id: I6bdab3028c9bd679c31d4177a746a3ea505dcbbf
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg27523.html
Signed-off-by: Gert Doering <[email protected]>
(cherry picked from commit a1cb1b4)
  • Loading branch information
schwabe authored and cron2 committed Nov 21, 2023
1 parent c1a983e commit 94cd53c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/openvpn/ssl_openssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -196,8 +196,8 @@ info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret)
}
else if (where & SSL_CB_ALERT)
{
dmsg(D_HANDSHAKE_VERBOSE, "SSL alert (%s): %s: %s",
where & SSL_CB_READ ? "read" : "write",
dmsg(D_TLS_DEBUG_LOW, "%s %s SSL alert: %s",
where & SSL_CB_READ ? "Received" : "Sent",
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
Expand Down

0 comments on commit 94cd53c

Please sign in to comment.