-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added debug print in tls13 ssl_tls13_write_key_share_ext #9798
base: development
Are you sure you want to change the base?
Added debug print in tls13 ssl_tls13_write_key_share_ext #9798
Conversation
Hi @NadavTasher , the CI is failing because the DCO check is not passing. Can you please resubmit with a signed off commit? e.g. |
Signed-off-by: Nadav Tasher <tashernadav@gmail.com>
b9a0cd1
to
8bfa04a
Compare
@tom-daubney-arm Done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - thanks for your contribution.
@@ -318,6 +318,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, | |||
ssl, group_id, p, end, &key_exchange_len); | |||
p += key_exchange_len; | |||
if (ret != 0) { | |||
MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's usually useful to log the error code too, we have a macro for that. Also, when debugging the library, it's convenient to have the function name.
MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); | |
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange", ret); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that the MBEDTLS_SSL_DEBUG_RET should be used, but isn't it better to keep the text as is?
Seems like it gives a more literal description of the error - when someone will debug the library they will end up Ctrl + F
ing the string anyway...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MBEDTLS_SSL_DEBUG_RET
would be consistent with the rest of the code base, and gives the location of the failure plus the error code. But that's no big deal.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM — should be backported to 3.6 for consistency, I'll go ahead and do that.
@@ -318,6 +318,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, | |||
ssl, group_id, p, end, &key_exchange_len); | |||
p += key_exchange_len; | |||
if (ret != 0) { | |||
MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MBEDTLS_SSL_DEBUG_RET
would be consistent with the rest of the code base, and gives the location of the failure plus the error code. But that's no big deal.
Can anyone merge this? |
Description
Added a useful debug print in tls13 client hello (helped me debug a faulty config)
PR checklist