r2 - 28 Feb 2007 - 01:56:57 - HeikkiToivonen

Log SSL

Alternative 1

If you want to see the data Chandler sends and receives over SSL, you can apply the following patch to the site-packages/M2Crypto/SSL/TwistedProtocolWrapper.py file:

--- M2Crypto/SSL/TwistedProtocolWrapper.py 2007-02-08 16:54:39.000000000 -0800
+++ M2Crypto/SSL/TwistedProtocolWrapper.py 2007-02-08 16:54:39.000000000 -0800
@@ -15,7 +15,7 @@
 from M2Crypto import m2, X509
 from M2Crypto.SSL import Checker
 
-debug = 0
+debug = None
 
 
 def _alwaysSucceedsPostConnectionCheck(peerX509, expectedHost):
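
Review bot: Using None as the value of debug to mean "dump plaintext" is easy to misread, and because it is the module-level default, every process that imports the patched file logs SSL payloads with no way to switch it off. A separate, explicitly named flag that defaults to off (for example logData = False, a hypothetical name) would keep the original debug = 0 behaviour intact and make the plaintext dump an opt-in.
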
@@ -250,8 +250,8 @@
         ProtocolWrapper.makeConnection(self, transport)
 
     def write(self, data):
-        if debug:
-            print 'TwistedProtocolWrapper.write'
+        if debug is None:
+            print 'TwistedProtocolWrapper.write', data
         if not self.tlsStarted:
             ProtocolWrapper.write(self, data)
             return
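
Review bot: In write(), print 'TwistedProtocolWrapper.write', data sends the unencrypted application data to stdout as raw bytes, so passwords and other credentials land in whatever captures the console, and binary payloads can garble the terminal. Printing repr(data) and including self in the line would make the output safe to read and attributable to one connection; the output should be treated as sensitive and deleted after the debugging session.
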
@@ -304,8 +304,8 @@
             self._clientHello()
 
     def dataReceived(self, data):
-        if debug:
-            print 'TwistedProtocolWrapper.dataReceived'
+        if debug is None:
+            print 'TwistedProtocolWrapper.dataReceived',
         if not self.tlsStarted:
             ProtocolWrapper.dataReceived(self, data)
             return
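
Review bot: In dataReceived(), the new print emits only the label with a trailing comma, and the not self.tlsStarted branch right below forwards data and returns without ever logging it. That is inconsistent with write(), which logs data on both paths; if pre-TLS traffic matters for the trace, print repr(data) in that branch, otherwise move the label print below the early return so the log does not show a label with no payload.
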
@@ -321,6 +321,8 @@
                 encryptedData = self._encrypt()
                 ProtocolWrapper.write(self, encryptedData)
 
+                if debug is None:
+                    print decryptedData,
                 ProtocolWrapper.dataReceived(self, decryptedData)
 
                 if decryptedData == '' and encryptedData == '':
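
Review bot: print decryptedData, runs before the decryptedData == '' check that follows it, so empty reads are printed as well, and the trailing comma lets Python 2 insert a space between successive chunks, so the log can differ from the bytes actually received. Guarding with if decryptedData != '' and printing repr(decryptedData) on its own line would keep the trace faithful.
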
@@ -330,6 +332,9 @@
             # for the error codes returned by SSL_get_verify_result.
             e.args = (m2.ssl_get_verify_result(self.ssl), e.args[0])
             raise e
+        finally:
+            if debug is None:
+                print
 
     def connectionLost(self, reason):
         if debug:
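
Review bot: The raise e above suggests this finally: is attached to an existing try/except, and a combined try/except/finally only parses on Python 2.5 and later, so the patched module fails to import on older interpreters; nest the try/except inside a try/finally if those need to be supported. Also note that connectionLost() still tests if debug:, which is never true once debug = None, so the original trace messages in the untouched methods are silently disabled by this patch.
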

Alternative 2

Override _encrypt and _decrypt in Chandler.

If you have multiple SSL connections open at the same time, you will probably want to tell apart what each connection is doing, so include self (or another differentiator) in the logging output, as the following patch does:

Index: parcels/osaf/framework/certstore/ssl.py
===================================================================
--- parcels/osaf/framework/certstore/ssl.py	(revision 13291)
+++ parcels/osaf/framework/certstore/ssl.py	(working copy)
@@ -290,7 +290,17 @@
                 return 1
     
             raise e
-
+        
+    def _encrypt(self, data='', clientHello=0):
+        if data != '':
+            print 'encrypt:', self, data
+        return wrapper.TLSProtocolWrapper._encrypt(self, data, clientHello)
+    
+    def _decrypt(self, data=''):
+        decrypted = wrapper.TLSProtocolWrapper._decrypt(self, data)
+        if decrypted != '':
+            print 'decrypt', self, decrypted
+        return decrypted
 
 def connectSSL(host, port, factory, repositoryView, 
                protocol='sslv23',
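
Review bot: Both _encrypt and _decrypt print the plaintext unconditionally, so once this override is in ssl.py every SSL connection Chandler makes writes its payloads, credentials included, to stdout with no flag to turn it off. Guard the two print statements behind a module-level switch that defaults to off, print repr(data) and repr(decrypted) so binary content stays readable, and make the labels consistent ('encrypt:' has a colon, 'decrypt' does not). This change should stay in a working copy and not be committed.
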

-- HeikkiToivonen - 28 Feb 2007

Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.