Paolo Abeni:

The attached patch cleanup the debug infrastructure for ssl dissector.
Debug messages are by default off and can be enabled via the ssl
dissector preference. Debug output can be directed to stderr or file.


svn path=/trunk/; revision=17253

epan/dissectors/packet-ssl-utils.c

@@ -1180,22 +1180,10 @@ void ssl_free_key(SSL_PRIVATE_KEY* key)
 #endif
 }
 
-#ifdef SSL_DECRYPT_DEBUG
-static FILE* myout=NULL;
-#endif
 void 
 ssl_lib_init(void)
 {
     gnutls_global_init();
-
-#ifdef SSL_DECRYPT_DEBUG    
-#ifdef _WIN32
-    /* we don't have standard I/O file available, open a log */
-    myout = fopen("ssl-decrypt.txt","w");
-    if (!myout)
-#endif /* _WIN32 */
-        myout = stderr;
-#endif /* SSL_DECRYPT_DEBUG */
 }
 
 #else /* HAVE_LIBGNUTLS */
@@ -1268,41 +1256,70 @@ ssl_session_init(SslDecryptSession* ssl_session)
 }
 
 #ifdef SSL_DECRYPT_DEBUG
+
+static FILE* ssl_debug_file=NULL;
+
+void 
+ssl_set_debug(char* name)
+{
+    static int debug_file_must_be_closed = 0;
+    int use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR) == 0):0;
+    
+    if (debug_file_must_be_closed)
+        fclose(ssl_debug_file);
+    if (use_stderr)    
+        ssl_debug_file = stderr;    
+    else if (!name || (strcmp(name, "") ==0))
+        ssl_debug_file = NULL;
+    else
+        ssl_debug_file = fopen(name, "w");    
+    if (!use_stderr && ssl_debug_file)
+        debug_file_must_be_closed = 1;
+}
+
+
 void 
 ssl_debug_printf(const char* fmt, ...)
 {
-  va_list ap;
-  int ret=0;
-  va_start(ap, fmt);
-  ret += vfprintf(myout, fmt, ap);
-  va_end(ap);
-  fflush(myout);
+    va_list ap;
+    int ret=0;
+    if (!ssl_debug_file)  
+        return;
+    
+    va_start(ap, fmt);
+    ret += vfprintf(ssl_debug_file, fmt, ap);
+    va_end(ap);
+    fflush(ssl_debug_file);
 }
 
 void 
 ssl_print_text_data(const char* name, const unsigned char* data, int len)
 {
     int i;
-    fprintf(myout,"%s: ",name);
+    if (!ssl_debug_file)  
+        return;
+    fprintf(ssl_debug_file,"%s: ",name);
     for (i=0; i< len; i++) {
-      fprintf(myout,"%c",data[i]);
+      fprintf(ssl_debug_file,"%c",data[i]);
     }
-    fprintf(myout,"\n");
-    fflush(myout);
+    fprintf(ssl_debug_file,"\n");
+    fflush(ssl_debug_file);
 }
 
 void 
 ssl_print_data(const char* name, const unsigned char* data, int len)
 {
     int i;
-    fprintf(myout,"%s[%d]:\n",name, len);
+    if (!ssl_debug_file)  
+        return;
+    fprintf(ssl_debug_file,"%s[%d]:\n",name, len);
     for (i=0; i< len; i++) {
         if ((i>0) && (i%16 == 0))
-            fprintf(myout,"\n");
-        fprintf(myout,"%.2x ",data[i]&255);
+            fprintf(ssl_debug_file,"\n");
+        fprintf(ssl_debug_file,"%.2x ",data[i]&255);
     }
-    fprintf(myout,"\n");
-    fflush(myout);
+    fprintf(ssl_debug_file,"\n");
+    fflush(ssl_debug_file);
 }
 
 void 

epan/dissectors/packet-ssl-utils.h

@@ -38,6 +38,7 @@
 
 /* #define SSL_FAST 1 */
 #define SSL_DECRYPT_DEBUG
+#define SSL_DEBUG_USE_STDERR "-"
 
 #define SSL_CIPHER_CTX gcry_cipher_hd_t
 #ifdef SSL_FAST
@@ -211,6 +212,8 @@ extern void
 ssl_print_string(const char* name, const StringInfo* data);
 extern void 
 ssl_print_text_data(const char* name, const unsigned char* data, int len);
+extern void 
+ssl_set_debug(char* name);
 #else
 
 /* No debug: nullify debug operation*/
@@ -221,6 +224,8 @@ ssl_debug_printf(const char* fmt _U_,...)
 #define ssl_print_data(a, b, c)
 #define ssl_print_string(a, b)
 #define ssl_print_text_data(a, b, c)
+#define ssl_set_debug(name)
+
 #endif
 
 #endif

epan/dissectors/packet-ssl.c

@@ -219,6 +219,7 @@ typedef struct {
 
 static char* ssl_keys_list = NULL;
 static char* ssl_ports_list = NULL;
+static char* ssl_debug_file_name = NULL;
 
 typedef struct _SslService {
     address addr;
@@ -340,7 +341,8 @@ ssl_association_remove_handle (gpointer key _U_,
     return 0;
 }
 
-static inline int ssl_packet_from_server(unsigned int port)
+static inline int 
+ssl_packet_from_server(unsigned int port)
 {
     register int ret = ssl_association_find(port) != 0;
     ssl_debug_printf("ssl_packet_from_server: is from server %d\n", ret);    
@@ -348,7 +350,8 @@ static inline int ssl_packet_from_server(unsigned int port)
 }    
 
 /* initialize/reset per capture state data (ssl sessions cache) */
-static void ssl_init(void)
+static void 
+ssl_init(void)
 {
     if (ssl_session_hash)
         g_hash_table_destroy(ssl_session_hash);
@@ -360,7 +363,8 @@ static void ssl_init(void)
 }
 
 /* parse ssl related preferences (private keys and ports association strings) */
-static void ssl_parse(void)
+static void 
+ssl_parse(void)
 {
     if (ssl_key_hash)
     {
@@ -497,6 +501,8 @@ static void ssl_parse(void)
         } while (end != NULL);
         free(tmp);
     }
+    
+    ssl_set_debug(ssl_debug_file_name);
 
     /* [re] add ssl dissection to defaults ports */
     ssl_association_add(443, 80, "Hypertext transfer protocol");
@@ -506,7 +512,8 @@ static void ssl_parse(void)
 }
 
 /* store master secret into session data cache */
-static void ssl_save_session(SslDecryptSession* ssl)
+static void 
+ssl_save_session(SslDecryptSession* ssl)
 {
     /* allocate stringinfo chunks for session id and master secret data*/
     StringInfo* session_id = se_alloc0(sizeof(StringInfo) + ssl->session_id.data_len);
@@ -522,7 +529,8 @@ static void ssl_save_session(SslDecryptSession* ssl)
     ssl_print_string("ssl_save_session stored master secret", master_secret);
 }
 
-static void ssl_restore_session(SslDecryptSession* ssl)
+static void 
+ssl_restore_session(SslDecryptSession* ssl)
 {
     StringInfo* ms = g_hash_table_lookup(ssl_session_hash, &ssl->session_id);
     if (!ms) {