Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

equivalent function to curl --verbose? #25383

Closed
cailin-lai opened this issue Jan 8, 2019 · 5 comments
Closed

equivalent function to curl --verbose? #25383

cailin-lai opened this issue Jan 8, 2019 · 5 comments
Labels
wrong repo Issues that should be opened in another repository.

Comments

@cailin-lai
Copy link

Hi Team,
Is there equivalent function to curl --verbose? See following outputs, it will be good for trouble-shooting connection issue. Thanks!

curl --verbose -I https://github.com

Rebuilt URL to: https://github.com/
Trying 192.30.253.112...
TCP_NODELAY set
Connected to github.com (192.30.253.112) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@strength
successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: none
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use http/1.1
Server certificate:
subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
start date: May 8 00:00:00 2018 GMT
expire date: Jun 3 12:00:00 2020 GMT
issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
SSL certificate verify ok.
.....

@cailin-lai
Copy link
Author

I know that TLSSocket.getPeerCertificate() works well to get certificate, but how to get the handshake process?
Thanks.

@mscdex
Copy link
Contributor

mscdex commented Jan 8, 2019

This issue tracker is for reporting bugs in node core and submitting feature requests for node core.

General help questions should be posted to the nodejs/help issue tracker instead.

Issues with third-party modules, npm, or other tools that use node, should be posted to the appropriate issue tracker for that project, unless it can be proven that the issue is in fact with node core and not the module/tool in question.

@mscdex mscdex closed this as completed Jan 8, 2019
@mscdex mscdex added the wrong repo Issues that should be opened in another repository. label Jan 8, 2019
@sam-github
Copy link
Contributor

@cailin-lai I have code locally to enable TLS trace output, but formalizing it into an API is a fair amount of work because there are many choices to be made, with lots of tradeoffs. There are two callbacks that give information about TLS progress (at different granularity). There are multiple ways to format the info from the callback, and one of the ways of formatting the info isn't even compiled by default -- SSL_trace(). Once formatted, it can be directly printed or callbacked into JS where JS would have to deal with it. Or maybe both should be possible? So, its on my radar, but not likely to happen soon.

Use wireshark to observe the handshake, or see if you can enable TLS tracing for the non-node side of the handshake. Also, NODE_DEBUG=tls,http,https maybe helpful.

@sam-github
Copy link
Contributor

@mscdex While this was formulated as a question, I think it implies a feature request. I don't know if its worth keeping open to track, though, our issue tracker could grow without bounds, and its surely not good first contribution material.

@cailin-lai
Copy link
Author

Thanks @sam-github.
Hopefully, the SSL Trace function will be integrated in the near feature.
Well, I will take tries to see whether or not we can get some info by node debug.
Appreciate for help!

sam-github added a commit to sam-github/node that referenced this issue Apr 26, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- nodejs#25383
- nodejs#17936
- postmanlabs/postman-app-support#5918 (comment)
sam-github added a commit that referenced this issue Apr 29, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- #25383
- #17936
- postmanlabs/postman-app-support#5918 (comment)

PR-URL: #27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
targos pushed a commit that referenced this issue Apr 30, 2019
Enable the same trace output that the OpenSSL s_client and s_server
support with their `-trace` option. This is invaluable when debugging
reports of TLS bugs as well as when debugging the internal TLS
implementation.

See:
- #25383
- #17936
- postmanlabs/postman-app-support#5918 (comment)

PR-URL: #27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
wrong repo Issues that should be opened in another repository.
Projects
None yet
Development

No branches or pull requests

3 participants