From b01c46b3b64fc7ef6d5e3754894a36b20049313d Mon Sep 17 00:00:00 2001 From: Magnus Viernickel Date: Thu, 25 Jan 2024 13:55:40 +0100 Subject: [PATCH] [chore] at some tracing to find out what the issue with legalhold is --- libs/ssl-util/src/Ssl/Util.hs | 7 ++++++- services/galley/src/Galley/Env.hs | 2 ++ .../src/Galley/External/LegalHoldService/Internal.hs | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/libs/ssl-util/src/Ssl/Util.hs b/libs/ssl-util/src/Ssl/Util.hs index 1598c100bfd..280a62c4e6b 100644 --- a/libs/ssl-util/src/Ssl/Util.hs +++ b/libs/ssl-util/src/Ssl/Util.hs @@ -47,6 +47,7 @@ import OpenSSL.RSA import OpenSSL.Session as SSL import OpenSSL.X509 as X509 import OpenSSL.X509.Store (X509StoreCtx, getStoreCtxCert) +import Debug.Trace (traceM) -- Cipher Suites ------------------------------------------------------------ @@ -188,14 +189,18 @@ extEnvCallback fingerprints store = do cert <- getStoreCtxCert store pk <- getPublicKey cert fprs <- readIORef fingerprints + traceM (show fprs) case toPublicKey @RSAPubKey pk of Nothing -> pure False Just k -> do fp <- rsaFingerprint sha k -- find at least one matching fingerprint to continue if not (any (constEqBytes fp . fingerprintBytes) fprs) - then pure False + then do + traceM "fingerprint not contained in fprs" + pure False else do + traceM "fingerprint is contained in fprs" -- Check if the certificate is self-signed. self <- verifyX509 cert pk if (self /= VerifySuccess) diff --git a/services/galley/src/Galley/Env.hs b/services/galley/src/Galley/Env.hs index 89f7d5b03ab..a4d5f6081d3 100644 --- a/services/galley/src/Galley/Env.hs +++ b/services/galley/src/Galley/Env.hs @@ -42,6 +42,7 @@ import Util.Options import Wire.API.MLS.Credential import Wire.API.MLS.Keys import Wire.API.Team.Member +import Debug.Trace data DeleteItem = TeamItem TeamId UserId (Maybe ConnId) deriving (Eq, Ord, Show) 
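Review bot: The `traceM (show fprs)` added at the top of `extEnvCallback` prints the whole pinned fingerprint list to stderr every time the certificate verification callback runs, outside the service logger and its level control. The computed `fp`, the one value that would explain a mismatch, is never printed. If this tracing is only needed for the investigation, log `fp` next to the accept/reject outcome through the regular logger at debug level. `import Debug.Trace (traceM)` should be dropped again before this reaches a release build, since pin-check results on stderr cannot be filtered or switched off. The body of `extEnvCallback` continues past the end of the hunk, so the later self-signed and validity checks are not visible here.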
@@ -70,6 +71,7 @@ makeLenses ''Env -- TODO: somewhat duplicates Brig.App.initExtGetManager initExtEnv :: IORef [Fingerprint Rsa] -> IO Manager initExtEnv fingerprints = do + traceM "initExtEnv" ctx <- Ssl.context Ssl.contextAddOption ctx SSL_OP_NO_SSLv2 Ssl.contextAddOption ctx SSL_OP_NO_SSLv3 diff --git a/services/galley/src/Galley/External/LegalHoldService/Internal.hs b/services/galley/src/Galley/External/LegalHoldService/Internal.hs index 1e7db84947c..27087bec81c 100644 --- a/services/galley/src/Galley/External/LegalHoldService/Internal.hs +++ b/services/galley/src/Galley/External/LegalHoldService/Internal.hs @@ -36,6 +36,7 @@ import Imports import Network.HTTP.Client qualified as Http import System.Logger.Class qualified as Log import URI.ByteString (uriPath) +import Debug.Trace -- | Check that the given fingerprint is valid and make the request over ssl. -- If the team has a device registered use 'makeLegalHoldServiceRequest' instead. @@ -92,5 +93,6 @@ makeVerifiedRequestFreshManager :: (Http.Request -> Http.Request) -> App (Http.Response LC8.ByteString) makeVerifiedRequestFreshManager fpr url reqBuilder = do + traceM "makeVerifiedRequestFreshManager" mgr <- liftIO . initExtEnv =<< newIORef [fpr] makeVerifiedRequestWithManager mgr url reqBuilder
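Review bot: `traceM "initExtEnv"` takes a constant string, and the `Debug.Trace` documentation warns that such a call may be reduced only once, so the message can appear a single time however often `initExtEnv` runs. The same applies to `traceM "makeVerifiedRequestFreshManager"` in `Galley/External/LegalHoldService/Internal.hs`. `initExtEnv` is in `IO`, where `traceIO "initExtEnv"` is sequenced as a real action. `Internal.hs` already imports `System.Logger.Class qualified as Log`, so that call could be `Log.debug $ Log.msg (Log.val "makeVerifiedRequestFreshManager")`, presumably valid in `App` (confirm it has a `MonadLogger` instance). The unqualified `import Debug.Trace` lines in both modules should go once the tracing is removed.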