[chore] at some tracing to find out what the issue with legalhold is

wireapp · Jan 25, 2024 · b01c46b · b01c46b
1 parent 94e864c
commit b01c46b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/libs/ssl-util/src/Ssl/Util.hs b/libs/ssl-util/src/Ssl/Util.hs
@@ -47,6 +47,7 @@ import OpenSSL.RSA
 import OpenSSL.Session as SSL
 import OpenSSL.X509 as X509
 import OpenSSL.X509.Store (X509StoreCtx, getStoreCtxCert)
+import Debug.Trace (traceM)
 
 -- Cipher Suites ------------------------------------------------------------
 
@@ -188,14 +189,18 @@ extEnvCallback fingerprints store = do
   cert <- getStoreCtxCert store
   pk <- getPublicKey cert
   fprs <- readIORef fingerprints
+  traceM (show fprs)
   case toPublicKey @RSAPubKey pk of
     Nothing -> pure False
     Just k -> do
       fp <- rsaFingerprint sha k
       -- find at least one matching fingerprint to continue
       if not (any (constEqBytes fp . fingerprintBytes) fprs)
-        then pure False
+        then do
+          traceM "fingerprint not contained in fprs"
+          pure False
         else do
+          traceM "fingerprint is contained in fprs"
           -- Check if the certificate is self-signed.
           self <- verifyX509 cert pk
           if (self /= VerifySuccess)

diff --git a/services/galley/src/Galley/Env.hs b/services/galley/src/Galley/Env.hs
@@ -42,6 +42,7 @@ import Util.Options
 import Wire.API.MLS.Credential
 import Wire.API.MLS.Keys
 import Wire.API.Team.Member
+import Debug.Trace
 
 data DeleteItem = TeamItem TeamId UserId (Maybe ConnId)
   deriving (Eq, Ord, Show)
@@ -70,6 +71,7 @@ makeLenses ''Env
 -- TODO: somewhat duplicates Brig.App.initExtGetManager
 initExtEnv :: IORef [Fingerprint Rsa] -> IO Manager
 initExtEnv fingerprints = do
+  traceM "initExtEnv"
   ctx <- Ssl.context
   Ssl.contextAddOption ctx SSL_OP_NO_SSLv2
   Ssl.contextAddOption ctx SSL_OP_NO_SSLv3

diff --git a/services/galley/src/Galley/External/LegalHoldService/Internal.hs b/services/galley/src/Galley/External/LegalHoldService/Internal.hs
@@ -36,6 +36,7 @@ import Imports
 import Network.HTTP.Client qualified as Http
 import System.Logger.Class qualified as Log
 import URI.ByteString (uriPath)
+import Debug.Trace
 
 -- | Check that the given fingerprint is valid and make the request over ssl.
 -- If the team has a device registered use 'makeLegalHoldServiceRequest' instead.
@@ -92,5 +93,6 @@ makeVerifiedRequestFreshManager ::
   (Http.Request -> Http.Request) ->
   App (Http.Response LC8.ByteString)
 makeVerifiedRequestFreshManager fpr url reqBuilder = do
+  traceM "makeVerifiedRequestFreshManager"
   mgr <- liftIO . initExtEnv =<< newIORef [fpr]
   makeVerifiedRequestWithManager mgr url reqBuilder