eggdrop icon indicating copy to clipboard operation
eggdrop copied to clipboard
verified publisher icon eggheads

Enhance ssl log

Open michaelortmann opened this issue 1 year ago • 0 comments

Found by: Robby- Patch by: michaelortmann Fixes:

One-line summary: Enhance ssl log

Additional description (if needed): Fixes part of #86 Also add more error handling (BIO_new())

Test cases demonstrating functionality (if applicable): Test with linking share bot BotB to BotA

Esp. notice the changed log lines below:

[11:25:56] TLS: Received close notify during read
[11:25:56] net: SSL_read(): received shutdown sock 9

instead of

[11:24:36] Received close notify warning during read
[11:24:36] net: eof!(read) socket 9

And on BotA: [11:25:56] TLS: accept loop: [...] is logged while on BotB: [11:25:56] TLS: connect loop: [...] Before:

.link BotA
[11:24:34] tcl: builtin dcc call: *dcc:link -HQ 1 BotA
[11:24:34] #-HQ# link BotA
[11:24:34] Linking to BotA at 127.0.0.1:3343 ...
[11:24:34] net: open_telnet_raw(): idx 3 host 127.0.0.1 ip 127.0.0.1 port 3343 ssl 1
[11:24:35] TLS: attempting SSL negotiation...
[11:24:35] TLS: setting the server name indication (SNI) to 127.0.0.1 successful
[11:24:35] TLS: state change: before SSL initialization
[11:24:35] TLS: state change: before SSL initialization
[11:24:35] TLS: state change: SSLv3/TLS write client hello
[11:24:35] TLS: awaiting more reads
[11:24:35] TLS: handshake in progress
[11:24:35] TLS: state change: SSLv3/TLS write client hello
[11:24:35] TLS: state change: SSLv3/TLS read server hello
[11:24:35] TLS: state change: TLSv1.3 read encrypted extensions
[11:24:35] TLS: state change: SSLv3/TLS read server certificate request
[11:24:35] TLS: peer certificate warning: self-signed certificate
[11:24:35] TLS: peer certificate warning: certificate has expired
[11:24:35] TLS: peer certificate warning: certificate has expired
[11:24:35] TLS: state change: SSLv3/TLS read server certificate
[11:24:35] TLS: state change: TLSv1.3 read server certificate verify
[11:24:35] TLS: state change: SSLv3/TLS read finished
[11:24:35] TLS: state change: SSLv3/TLS write change cipher spec
[11:24:35] TLS: state change: SSLv3/TLS write client certificate
[11:24:35] TLS: state change: SSLv3/TLS write certificate verify
[11:24:35] TLS: state change: SSLv3/TLS write finished
[11:24:35] TLS: handshake successful. Secure connection established.
[11:24:35] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:35] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:35] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:24:35] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:24:35] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:24:35] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:24:35] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:24:35] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSLv3/TLS read server session ticket
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSL negotiation finished successfully
[11:24:35] TLS: state change: SSLv3/TLS read server session ticket
[11:24:35] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:24:35] Received challenge from BotA... sending response ...
[11:24:35] Linked to BotA.
[11:24:35] Downloading user file from BotA
[11:24:36] TLS: attempting SSL negotiation...
[11:24:36] TLS: not setting the server name indication (SNI) because host is an empty string
[11:24:36] TLS: state change: before SSL initialization
[11:24:36] TLS: state change: before SSL initialization
[11:24:36] TLS: state change: SSLv3/TLS write client hello
[11:24:36] TLS: awaiting more reads
[11:24:36] TLS: handshake in progress
[11:24:36] TLS: state change: SSLv3/TLS write client hello
[11:24:36] TLS: state change: SSLv3/TLS read server hello
[11:24:36] TLS: state change: TLSv1.3 read encrypted extensions
[11:24:36] TLS: state change: SSLv3/TLS read server certificate request
[11:24:36] TLS: peer certificate warning: self-signed certificate
[11:24:36] TLS: peer certificate warning: certificate has expired
[11:24:36] TLS: peer certificate warning: certificate has expired
[11:24:36] TLS: state change: SSLv3/TLS read server certificate
[11:24:36] TLS: state change: TLSv1.3 read server certificate verify
[11:24:36] TLS: state change: SSLv3/TLS read finished
[11:24:36] TLS: state change: SSLv3/TLS write change cipher spec
[11:24:36] TLS: state change: SSLv3/TLS write client certificate
[11:24:36] TLS: state change: SSLv3/TLS write certificate verify
[11:24:36] TLS: state change: SSLv3/TLS write finished
[11:24:36] TLS: handshake successful. Secure connection established.
[11:24:36] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:36] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:24:36] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:24:36] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:24:36] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:24:36] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:24:36] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:24:36] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:24:36] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:24:36] net: connect! sock 9
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSLv3/TLS read server session ticket
[11:24:36] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSL negotiation finished successfully
[11:24:36] TLS: state change: SSLv3/TLS read server session ticket
[11:24:36] Received close notify warning during read
[11:24:36] net: eof!(read) socket 9
[11:24:36] Userfile loaded, unpacking...
[11:24:36] Userlist transfer complete; switched over.
[11:24:36] Received close notify warning during write

After:

.link BotA
[11:25:54] tcl: builtin dcc call: *dcc:link -HQ 1 BotA
[11:25:54] #-HQ# link BotA
[11:25:54] Linking to BotA at 127.0.0.1:3343 ...
[11:25:54] net: open_telnet_raw(): idx 3 host 127.0.0.1 ip 127.0.0.1 port 3343 ssl 1
[11:25:55] TLS: attempting SSL negotiation...
[11:25:55] TLS: setting the server name indication (SNI) to 127.0.0.1 successful
[11:25:55] TLS: handshake start: before SSL initialization
[11:25:55] TLS: connect loop: before SSL initialization
[11:25:55] TLS: connect loop: SSLv3/TLS write client hello
[11:25:55] TLS: awaiting more reads
[11:25:55] TLS: handshake in progress
[11:25:55] TLS: connect loop: SSLv3/TLS write client hello
[11:25:55] TLS: connect loop: SSLv3/TLS read server hello
[11:25:55] TLS: connect loop: TLSv1.3 read encrypted extensions
[11:25:55] TLS: connect loop: SSLv3/TLS read server certificate request
[11:25:55] TLS: peer certificate warning: self-signed certificate
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: peer certificate warning: certificate has expired
[11:25:55] TLS: connect loop: SSLv3/TLS read server certificate
[11:25:55] TLS: connect loop: TLSv1.3 read server certificate verify
[11:25:55] TLS: connect loop: SSLv3/TLS read finished
[11:25:55] TLS: connect loop: SSLv3/TLS write change cipher spec
[11:25:55] TLS: connect loop: SSLv3/TLS write client certificate
[11:25:55] TLS: connect loop: SSLv3/TLS write certificate verify
[11:25:55] TLS: connect loop: SSLv3/TLS write finished
[11:25:55] TLS: handshake successful. Secure connection established.
[11:25:55] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:55] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:55] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:25:55] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:25:55] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:25:55] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:25:55] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:25:55] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSL negotiation finished successfully
[11:25:55] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:55] sockread EAGAIN: 7 11 (Resource temporarily unavailable)
[11:25:55] Received challenge from BotA... sending response ...
[11:25:55] Linked to BotA.
[11:25:55] Downloading user file from BotA
[11:25:56] TLS: attempting SSL negotiation...
[11:25:56] TLS: not setting the server name indication (SNI) because host is an empty string
[11:25:56] TLS: handshake start: before SSL initialization
[11:25:56] TLS: connect loop: before SSL initialization
[11:25:56] TLS: connect loop: SSLv3/TLS write client hello
[11:25:56] TLS: awaiting more reads
[11:25:56] TLS: handshake in progress
[11:25:56] TLS: connect loop: SSLv3/TLS write client hello
[11:25:56] TLS: connect loop: SSLv3/TLS read server hello
[11:25:56] TLS: connect loop: TLSv1.3 read encrypted extensions
[11:25:56] TLS: connect loop: SSLv3/TLS read server certificate request
[11:25:56] TLS: peer certificate warning: self-signed certificate
[11:25:56] TLS: peer certificate warning: certificate has expired
[11:25:56] TLS: peer certificate warning: certificate has expired
[11:25:56] TLS: connect loop: SSLv3/TLS read server certificate
[11:25:56] TLS: connect loop: TLSv1.3 read server certificate verify
[11:25:56] TLS: connect loop: SSLv3/TLS read finished
[11:25:56] TLS: connect loop: SSLv3/TLS write change cipher spec
[11:25:56] TLS: connect loop: SSLv3/TLS write client certificate
[11:25:56] TLS: connect loop: SSLv3/TLS write certificate verify
[11:25:56] TLS: connect loop: SSLv3/TLS write finished
[11:25:56] TLS: handshake successful. Secure connection established.
[11:25:56] TLS: certificate subject: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:56] TLS: certificate issuer: C=EU, O=Eggheads, OU=Botnet, CN=localhost
[11:25:56] TLS: certificate SHA1 Fingerprint: 1F:5B:6F:78:03:9A:07:2A:82:1C:B4:FE:B9:04:81:DB:41:BB:9E:4F
[11:25:56] TLS: certificate SHA-256 Fingerprint: F7:94:50:38:33:81:E9:B0:62:A2:CC:E5:D8:24:23:87:12:50:B4:59:D0:88:6B:EB:6F:30:A1:E0:73:DC:C0:DD
[11:25:56] TLS: certificate valid from Nov  3 09:43:58 2020 GMT to Dec  3 09:43:58 2020 GMT
[11:25:56] TLS: cipher used: TLS_AES_256_GCM_SHA384, 256 of 256 secret bits used for cipher, TLSv1.3
[11:25:56] TLS: cipher details: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
[11:25:56] TLS: diffie–hellman ephemeral key used: X25519, bits 253
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] net: connect! sock 9
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSL negotiation finished successfully
[11:25:56] TLS: connect loop: SSLv3/TLS read server session ticket
[11:25:56] sockread EAGAIN: 9 11 (Resource temporarily unavailable)
[11:25:56] TLS: Received close notify during read
[11:25:56] net: SSL_read(): received shutdown sock 9
[11:25:56] Userfile loaded, unpacking...
[11:25:56] Userlist transfer complete; switched over.
[11:25:56] TLS: Received close notify warning during write

michaelortmann avatar Jun 10 '24 09:06 michaelortmann