commit 47c433fdcb8d90f63179a54db907a5ae6c276197
author Frédéric Lécaille <flecaille@haproxy.com> Thu Dec 10 17:03:11 2020 +0100
committer Willy Tarreau <w@1wt.eu> Wed Dec 23 11:57:26 2020 +0100
tree 26b30b62e2385a9c9b8c96af9ac09b07e5f8e34e
parent 26c49d9eb07fceba22ac2410a5196ff5d99c9c6e

MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.

At least displays the SSL alert error code passed to ->ssl_send_alert()
QUIC BIO method and the SSL encryption level. This function is newly called
when using picoquic client with a recent version of BoringSSL (Nov 19 2020).
This is not the case with OpenSSL with 32 as QUIC draft implementation.

src/xprt_quic.c

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index e4e6b62..16c8c43 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -519,6 +519,17 @@
 				              (unsigned long long)pkt->cdata_len);
 			}
 		}
+
+		if (mask & QUIC_EV_CONN_SSLALERT) {
+			const uint8_t *alert = a2;
+			const enum ssl_encryption_level_t *level = a3;
+
+			if (alert)
+				chunk_appendf(&trace_buf, " alert=0x%02x", *alert);
+			if (level)
+				chunk_appendf(&trace_buf, " el=%c",
+				              quic_enc_level_char(ssl_to_quic_enc_level(*level)));
+		}
 	}
 	if (mask & QUIC_EV_CONN_LPKT) {
 		const struct quic_rx_packet *pkt = a2;
@@ -847,8 +858,7 @@
 {
 	struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
 
-	TRACE_ENTER(QUIC_EV_CONN_SSLALERT, conn);
-	TRACE_LEAVE(QUIC_EV_CONN_SSLALERT, conn);
+	TRACE_DEVEL("SSL alert", QUIC_EV_CONN_SSLALERT, conn, &alert, &level);
 	return 1;
 }