X-Git-Url: https://mattmccutchen.net/rsync/rsync-patches.git/blobdiff_plain/22585581a3e5bd3d11b76d50932f2ebb5f66ca30..c1ff70aa47e11c5b37634479a0facee775a7b6d9:/openssl-support.diff

diff --git a/openssl-support.diff b/openssl-support.diff
index db58b1c..daa419b 100644
--- a/openssl-support.diff
+++ b/openssl-support.diff
@@ -1,10 +1,4 @@
-After applying this patch, run these commands for a successful build:
-
-    ./prepare-source
-    ./configure
-    make
-
-Casey Marshall writes:
+Casey Marshall wrote:
 
 I've been hacking together a way to use rsync with OpenSSL, and have
 attached my current patch against a recent CVS tree. The details of
@@ -34,32 +28,41 @@ this implementation are:
 All warnings apply; I don't do C programming all that often, so I
 can't say if I've left any cleanup/compatibility errors in the code.
 
+To use this patch, run these commands for a successful build:
+
+    patch -p1 <patches/openssl-support.diff
+    ./prepare-source
+    ./configure
+    make
 
---- old/Makefile.in
-+++ new/Makefile.in
-@@ -39,7 +39,7 @@ OBJS3=progress.o pipe.o
+based-on: a01e3b490eb36ccf9e704840e1b6683dab867550
+diff --git a/Makefile.in b/Makefile.in
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -41,7 +41,7 @@ OBJS3=progress.o pipe.o
  DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
  popt_OBJS=popt/findme.o  popt/popt.o  popt/poptconfig.o \
  	popt/popthelp.o popt/poptparse.o
 -OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@
 +OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) $(ZLIBOBJ) @BUILD_POPT@ @SSL_OBJS@
  
- TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o
+ TLS_OBJ = tls.o syscall.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@
  
---- old/cleanup.c
-+++ new/cleanup.c
-@@ -26,6 +26,9 @@
- extern int am_server;
+diff --git a/cleanup.c b/cleanup.c
+--- a/cleanup.c
++++ b/cleanup.c
+@@ -26,6 +26,9 @@ extern int am_server;
  extern int am_daemon;
+ extern int am_receiver;
  extern int io_error;
 +#ifdef HAVE_OPENSSL
 +extern int use_ssl;
 +#endif
  extern int keep_partial;
- extern int log_got_error;
- extern char *partial_dir;
-@@ -117,6 +120,14 @@ NORETURN void _exit_cleanup(int code, co
- 				code, file, line);
+ extern int got_xfer_error;
+ extern int protocol_version;
+@@ -137,6 +140,14 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
+ 				who_am_i(), code, file, line);
  		}
  
 +#ifdef HAVE_OPENSSL
@@ -73,9 +76,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
  		/* FALLTHROUGH */
  #include "case_N.h"
  
---- old/clientserver.c
-+++ new/clientserver.c
-@@ -29,6 +29,9 @@ extern int am_sender;
+diff --git a/clientserver.c b/clientserver.c
+--- a/clientserver.c
++++ b/clientserver.c
+@@ -30,6 +30,9 @@ extern int am_sender;
  extern int am_server;
  extern int am_daemon;
  extern int am_root;
@@ -83,12 +87,12 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +extern int use_ssl;
 +#endif
  extern int rsync_port;
- extern int kluge_around_eof;
- extern int daemon_over_rsh;
-@@ -105,8 +108,18 @@ int start_socket_client(char *host, char
- 	set_socket_options(fd, sockopts);
+ extern int protect_args;
+ extern int ignore_errors;
+@@ -133,8 +136,18 @@ int start_socket_client(char *host, int remote_argc, char *remote_argv[],
+ #endif
  
- 	ret = start_inband_exchange(user, path, fd, fd, argc);
+ 	ret = start_inband_exchange(fd, fd, user, remote_argc, remote_argv);
 +	if (ret)
 +		return ret;
 +
@@ -104,16 +108,16 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +	return client_run(fd, fd, -1, argc, argv);
  }
  
- int start_inband_exchange(char *user, char *path, int f_in, int f_out,
-@@ -167,6 +180,33 @@ int start_inband_exchange(char *user, ch
- 	if (verbose > 1)
- 		print_child_argv(sargs);
+ static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client)
+@@ -277,6 +290,32 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
+ 	if (DEBUG_GTE(CMD, 1))
+ 		print_child_argv("sending daemon args:", sargs);
  
 +#ifdef HAVE_OPENSSL
 +	if (use_ssl) {
 +		io_printf(f_out, "#starttls\n");
 +		while (1) {
-+			if (!read_line(f_in, line, sizeof(line)-1)) {
++			if (!read_line_old(f_in, line, sizeof line)) {
 +				rprintf(FERROR, "rsync: did not receive reply to #starttls\n");
 +				return -1;
 +			}
@@ -121,9 +125,8 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +				rprintf(FERROR, "%s\n", line);
 +				return -1;
 +			}
-+			if (strcmp(line, "@RSYNCD: starttls") == 0) {
++			if (strcmp(line, "@RSYNCD: starttls") == 0)
 +				break;
-+			}
 +			rprintf(FINFO, "%s\n", line);
 +		}
 +		if (start_tls(f_in, f_out)) {
@@ -136,10 +139,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +	}
 +#endif
 +
- 	p = strchr(path,'/');
- 	if (p) *p = 0;
- 	io_printf(f_out, "%s\n", path);
-@@ -195,6 +235,10 @@ int start_inband_exchange(char *user, ch
+ 	io_printf(f_out, "%.*s\n", modlen, modname);
+ 
+ 	/* Old servers may just drop the connection here,
+@@ -302,6 +341,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
  			 * server to terminate the listing of modules.
  			 * We don't want to go on and transfer
  			 * anything; just exit. */
@@ -150,7 +153,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
  			exit(0);
  		}
  
-@@ -202,6 +246,10 @@ int start_inband_exchange(char *user, ch
+@@ -309,6 +352,10 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
  			rprintf(FERROR, "%s\n", line);
  			/* This is always fatal; the server will now
  			 * close the socket. */
@@ -161,25 +164,17 @@ can't say if I've left any cleanup/compatibility errors in the code.
  			return -1;
  		}
  
-@@ -718,6 +766,7 @@ static void send_listing(int fd)
- 		io_printf(fd,"@RSYNCD: EXIT\n");
- }
- 
-+
- /* this is called when a connection is established to a client
-    and we want to start talking. The setup of the system is done from
-    here */
-@@ -776,6 +825,9 @@ int start_daemon(int f_in, int f_out)
- 	if (protocol_version > remote_protocol)
- 		protocol_version = remote_protocol;
+@@ -1028,6 +1075,9 @@ int start_daemon(int f_in, int f_out)
+ 	if (exchange_protocols(f_in, f_out, line, sizeof line, 0) < 0)
+ 		return -1;
  
 +#ifdef HAVE_OPENSSL
 +retry:
 +#endif
  	line[0] = 0;
- 	if (!read_line(f_in, line, sizeof line - 1))
+ 	if (!read_line_old(f_in, line, sizeof line))
  		return -1;
-@@ -787,6 +839,20 @@ int start_daemon(int f_in, int f_out)
+@@ -1039,6 +1089,20 @@ int start_daemon(int f_in, int f_out)
  		return -1;
  	}
  
@@ -200,9 +195,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
  	if (*line == '#') {
  		/* it's some sort of command that I don't understand */
  		io_printf(f_out, "@ERROR: Unknown command '%s'\n", line);
---- old/configure.in
-+++ new/configure.in
-@@ -290,6 +290,21 @@ if test x"$enable_locale" != x"no"; then
+diff --git a/configure.in b/configure.in
+--- a/configure.in
++++ b/configure.in
+@@ -318,6 +318,21 @@ if test x"$enable_locale" != x"no"; then
  	AC_DEFINE(CONFIG_LOCALE)
  fi
  
@@ -224,9 +220,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
  AC_MSG_CHECKING([whether to call shutdown on all sockets])
  case $host_os in
  	*cygwin* ) AC_MSG_RESULT(yes)
---- old/options.c
-+++ new/options.c
-@@ -172,6 +172,14 @@ int logfile_format_has_o_or_i = 0;
+diff --git a/options.c b/options.c
+--- a/options.c
++++ b/options.c
+@@ -191,6 +191,14 @@ int logfile_format_has_o_or_i = 0;
  int always_checksum = 0;
  int list_only = 0;
  
@@ -241,41 +238,39 @@ can't say if I've left any cleanup/compatibility errors in the code.
  #define MAX_BATCH_NAME_LEN 256	/* Must be less than MAXPATHLEN-13 */
  char *batch_name = NULL;
  
-@@ -200,6 +208,7 @@ static void print_rsync_version(enum log
- 	char const *hardlinks = "no ";
+@@ -567,6 +575,7 @@ static void print_rsync_version(enum logcode f)
  	char const *links = "no ";
+ 	char const *iconv = "no ";
  	char const *ipv6 = "no ";
 +	char const *ssl = "no ";
  	STRUCT_STAT *dumstat;
  
- #ifdef HAVE_SOCKETPAIR
-@@ -222,6 +231,10 @@ static void print_rsync_version(enum log
- 	ipv6 = "";
+ #if SUBPROTOCOL_VERSION != 0
+@@ -600,6 +609,9 @@ static void print_rsync_version(enum logcode f)
+ #ifdef CAN_SET_SYMLINK_TIMES
+ 	symtimes = "";
  #endif
- 
 +#ifdef HAVE_OPENSSL
 +	ssl = "";
 +#endif
-+
- 	rprintf(f, "%s  version %s  protocol version %d\n",
- 		RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION);
- 	rprintf(f, "Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.\n");
-@@ -234,9 +247,9 @@ static void print_rsync_version(enum log
- 	/* Note that this field may not have type ino_t.  It depends
- 	 * on the complicated interaction between largefile feature
- 	 * macros. */
--	rprintf(f, "              %sinplace, %sIPv6, "
-+	rprintf(f, "              %sinplace, %sIPv6, %sSSL, "
- 		"%d-bit system inums, %d-bit internal inums\n",
--		have_inplace, ipv6,
-+		have_inplace, ipv6, ssl,
- 		(int) (sizeof dumstat->st_ino * 8),
- 		(int) (sizeof (int64) * 8));
+ 
+ 	rprintf(f, "%s  version %s  protocol version %d%s\n",
+ 		RSYNC_NAME, RSYNC_VERSION, PROTOCOL_VERSION, subprotocol);
+@@ -613,8 +625,8 @@ static void print_rsync_version(enum logcode f)
+ 		(int)(sizeof (int64) * 8));
+ 	rprintf(f, "    %ssocketpairs, %shardlinks, %ssymlinks, %sIPv6, batchfiles, %sinplace,\n",
+ 		got_socketpair, hardlinks, links, ipv6, have_inplace);
+-	rprintf(f, "    %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes\n",
+-		have_inplace, acls, xattrs, iconv, symtimes);
++	rprintf(f, "    %sappend, %sACLs, %sxattrs, %siconv, %ssymtimes, %sSSL\n",
++		have_inplace, acls, xattrs, iconv, symtimes, ssl);
+ 
  #ifdef MAINTAINER_MODE
-@@ -383,6 +396,13 @@ void usage(enum logcode F)
+ 	rprintf(f, "Panic Action: \"%s\"\n", get_panic_action());
+@@ -785,6 +797,13 @@ void usage(enum logcode F)
+ #endif
    rprintf(F," -4, --ipv4                  prefer IPv4\n");
    rprintf(F," -6, --ipv6                  prefer IPv6\n");
- #endif
 +#ifdef HAVE_OPENSSL
 +  rprintf(F,"     --ssl                   allow socket connections to use SSL\n");
 +  rprintf(F,"     --ssl-cert=FILE         path to daemon's SSL certificate\n");
@@ -286,16 +281,16 @@ can't say if I've left any cleanup/compatibility errors in the code.
    rprintf(F,"     --version               print version number\n");
    rprintf(F,"(-h) --help                  show this help (-h works with no other options)\n");
  
-@@ -396,7 +416,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OP
+@@ -798,7 +817,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
        OPT_FILTER, OPT_COMPARE_DEST, OPT_COPY_DEST, OPT_LINK_DEST, OPT_HELP,
        OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD,
        OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE,
--      OPT_NO_D,
-+      OPT_NO_D, OPT_USE_SSL,
+-      OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG,
++      OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG, OPT_USE_SSL,
+       OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT,
        OPT_SERVER, OPT_REFUSED_BASE = 9000};
  
- static struct poptOption long_options[] = {
-@@ -541,6 +561,13 @@ static struct poptOption long_options[] 
+@@ -1013,6 +1032,13 @@ static struct poptOption long_options[] = {
    {"checksum-seed",    0,  POPT_ARG_INT,    &checksum_seed, 0, 0, 0 },
    {"server",           0,  POPT_ARG_NONE,   0, OPT_SERVER, 0, 0 },
    {"sender",           0,  POPT_ARG_NONE,   0, OPT_SENDER, 0, 0 },
@@ -309,10 +304,10 @@ can't say if I've left any cleanup/compatibility errors in the code.
    /* All the following options switch us into daemon-mode option-parsing. */
    {"config",           0,  POPT_ARG_STRING, 0, OPT_DAEMON, 0, 0 },
    {"daemon",           0,  POPT_ARG_NONE,   0, OPT_DAEMON, 0, 0 },
-@@ -568,6 +595,13 @@ static void daemon_usage(enum logcode F)
+@@ -1040,6 +1066,13 @@ static void daemon_usage(enum logcode F)
+   rprintf(F," -v, --verbose               increase verbosity\n");
    rprintf(F," -4, --ipv4                  prefer IPv4\n");
    rprintf(F," -6, --ipv6                  prefer IPv6\n");
- #endif
 +#ifdef HAVE_OPENSSL
 +  rprintf(F,"     --ssl                   allow socket connections to use SSL\n");
 +  rprintf(F,"     --ssl-cert=FILE         path to daemon's SSL certificate\n");
@@ -323,7 +318,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
    rprintf(F,"     --help                  show this help screen\n");
  
    rprintf(F,"\n");
-@@ -594,6 +628,13 @@ static struct poptOption long_daemon_opt
+@@ -1065,6 +1098,13 @@ static struct poptOption long_daemon_options[] = {
    {"protocol",         0,  POPT_ARG_INT,    &protocol_version, 0, 0, 0 },
    {"server",           0,  POPT_ARG_NONE,   &am_server, 0, 0, 0 },
    {"temp-dir",        'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },
@@ -337,7 +332,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
    {"verbose",         'v', POPT_ARG_NONE,   0, 'v', 0, 0 },
    {"no-verbose",       0,  POPT_ARG_VAL,    &verbose, 0, 0, 0 },
    {"no-v",             0,  POPT_ARG_VAL,    &verbose, 0, 0, 0 },
-@@ -851,6 +892,12 @@ int parse_arguments(int *argc, const cha
+@@ -1360,6 +1400,12 @@ int parse_arguments(int *argc_p, const char ***argv_p)
  					verbose++;
  					break;
  
@@ -350,7 +345,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
  				default:
  					rprintf(FERROR,
  					    "rsync: %s: %s (in daemon mode)\n",
-@@ -874,6 +921,17 @@ int parse_arguments(int *argc, const cha
+@@ -1386,6 +1432,17 @@ int parse_arguments(int *argc_p, const char ***argv_p)
  				exit_cleanup(RERR_SYNTAX);
  			}
  
@@ -365,12 +360,12 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +			}
 +#endif
 +
- 			*argv = poptGetArgs(pc);
- 			*argc = count_args(*argv);
+ 			*argv_p = argv = poptGetArgs(pc);
+ 			*argc_p = argc = count_args(argv);
  			am_starting_up = 0;
-@@ -1085,6 +1143,12 @@ int parse_arguments(int *argc, const cha
- 			usage(FINFO);
- 			exit_cleanup(0);
+@@ -1764,6 +1821,12 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ 			return 0;
+ #endif
  
 +#ifdef HAVE_OPENSSL
 +		case OPT_USE_SSL:
@@ -381,7 +376,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
  		default:
  			/* A large opt value means that set_refuse_options()
  			 * turned this option off. */
-@@ -1361,6 +1425,17 @@ int parse_arguments(int *argc, const cha
+@@ -2160,6 +2223,17 @@ int parse_arguments(int *argc_p, const char ***argv_p)
  	if (delay_updates && !partial_dir)
  		partial_dir = tmp_partialdir;
  
@@ -399,47 +394,40 @@ can't say if I've left any cleanup/compatibility errors in the code.
  	if (inplace) {
  #ifdef HAVE_FTRUNCATE
  		if (partial_dir) {
-@@ -1778,10 +1853,27 @@ char *check_for_hostspec(char *s, char *
- 	char *p;
- 	int not_host;
- 	int hostlen;
-+	int url_prefix_len = sizeof URL_PREFIX - 1;
+@@ -2750,9 +2824,18 @@ char *check_for_hostspec(char *s, char **host_ptr, int *port_ptr)
+ {
+ 	char *path;
  
 -	if (port_ptr && strncasecmp(URL_PREFIX, s, strlen(URL_PREFIX)) == 0) {
-+	if (!port_ptr)
-+		url_prefix_len = 0;
-+	else if (strncasecmp(URL_PREFIX, s, url_prefix_len) != 0) {
-+#ifdef HAVE_OPENSSL
-+		url_prefix_len = sizeof SSL_URL_PREFIX - 1;
-+		if (strncasecmp(SSL_URL_PREFIX, s, url_prefix_len) != 0)
-+			url_prefix_len = 0;
-+		else {
+-		*host_ptr = parse_hostspec(s + strlen(URL_PREFIX), &path, port_ptr);
+-		if (*host_ptr) {
++	if (port_ptr) {
++		int url_prefix_len;
++		if (strncasecmp(URL_PREFIX, s, sizeof URL_PREFIX - 1) == 0)
++			url_prefix_len = sizeof URL_PREFIX - 1;
++		else if (strncasecmp(SSL_URL_PREFIX, s, sizeof SSL_URL_PREFIX - 1) == 0) {
 +			if (!use_ssl)
 +				init_tls();
 +			use_ssl = 1;
-+		}
-+#else
-+		url_prefix_len = 0;
-+#endif
-+	}
-+	if (url_prefix_len) {
- 		char *path;
--		s += strlen(URL_PREFIX);
-+		s += url_prefix_len;
- 		if ((p = strchr(s, '/')) != NULL) {
- 			hostlen = p - s;
- 			path = p + 1;
---- old/rsync.h
-+++ new/rsync.h
-@@ -32,6 +32,7 @@
++			url_prefix_len = sizeof SSL_URL_PREFIX - 1;
++		} else
++			url_prefix_len = 0;
++		if (url_prefix_len && (*host_ptr = parse_hostspec(s + url_prefix_len, &path, port_ptr))) {
+ 			if (!*port_ptr)
+ 				*port_ptr = RSYNC_PORT;
+ 			return path;
+diff --git a/rsync.h b/rsync.h
+--- a/rsync.h
++++ b/rsync.h
+@@ -31,6 +31,7 @@
  
  #define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock"
  #define URL_PREFIX "rsync://"
 +#define SSL_URL_PREFIX "rsyncs://"
  
- #define BACKUP_SUFFIX "~"
- 
-@@ -419,6 +420,11 @@ enum msgcode {
+ #define SYMLINK_PREFIX "/rsyncd-munged/"  /* This MUST have a trailing slash! */
+ #define SYMLINK_PREFIX_LEN ((int)sizeof SYMLINK_PREFIX - 1)
+@@ -581,6 +582,11 @@ typedef unsigned int size_t;
  # define SIZEOF_INT64 SIZEOF_OFF_T
  #endif
  
@@ -448,14 +436,16 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +#include <openssl/err.h>
 +#endif
 +
- /* Starting from protocol version 26, we always use 64-bit
-  * ino_t and dev_t internally, even if this platform does not
-  * allow files to have 64-bit inums.  That's because the
---- old/ssl.c
-+++ new/ssl.c
-@@ -0,0 +1,370 @@
+ struct hashtable {
+ 	void *nodes;
+ 	int32 size, entries;
+diff --git a/ssl.c b/ssl.c
+new file mode 100644
+--- /dev/null
++++ b/ssl.c
+@@ -0,0 +1,369 @@
 +/* -*- c-file-style: "linux" -*-
-+ * ssl.c: operations for negotiating SSL rsync connections. 
++ * ssl.c: operations for negotiating SSL rsync connections.
 + *
 + * Copyright (C) 2003  Casey Marshall <rsdio@metastatic.org>
 + *
@@ -463,12 +453,12 @@ can't say if I've left any cleanup/compatibility errors in the code.
 + * it under the terms of the GNU General Public License as published by
 + * the Free Software Foundation; either version 2 of the License, or
 + * (at your option) any later version.
-+ * 
++ *
 + * This program is distributed in the hope that it will be useful,
 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 + * GNU General Public License for more details.
-+ * 
++ *
 + * You should have received a copy of the GNU General Public License
 + * along with this program; if not, write to the Free Software
 + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
@@ -487,7 +477,6 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +
 +#define BUF_SIZE 1024
 +
-+extern int verbose;
 +extern int am_daemon;
 +extern int am_server;
 +
@@ -573,7 +562,7 @@ can't say if I've left any cleanup/compatibility errors in the code.
 +		cbs = buf;
 +		break;
 +	}
-+	if (verbose > 2) {
++	if (DEBUG_GTE(CONNECT, 1)) {
 +		rprintf(FLOG, "SSL: info_callback(%p,%s,%d)\n", ssl, cbs, val);
 +		if (cb == SSL_CB_HANDSHAKE_DONE) {
 +			SSL_CIPHER_description(SSL_get_current_cipher((SSL*)ssl),