git: d71c9f14682f - main - rpc.tlsservd: Add logging of TLS version and cipher used
Date: Fri, 06 May 2022 21:04:59 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=d71c9f14682fee73f3694426fb47e66aab721835
commit d71c9f14682fee73f3694426fb47e66aab721835
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-05-06 21:03:43 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-05-06 21:03:43 +0000
rpc.tlsservd: Add logging of TLS version and cipher used
This patch adds logging of the version of TLS and cipher
negotiated successfully by the TLS handshake for each client,
if the "-v" command line option has been specified.
This information may be useful for monitoring and debugging
NFS-over-TLS mounts.
MFC after: 2 weeks
---
usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
index e6cfbe6faf88..ca0d329078aa 100644
--- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
+++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
@@ -687,13 +687,23 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp,
return (NULL);
}
*flags |= RPCTLS_FLAGS_HANDSHAKE;
+ if (rpctls_verbose) {
+ gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam));
+ if (gethostret == 0)
+ hostnam[0] = '\0';
+ rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s"
+ " <%s %s>\n", hostnam, SSL_get_version(ssl),
+ SSL_get_cipher(ssl));
+ }
if (rpctls_do_mutual) {
cert = SSL_get_peer_certificate(ssl);
if (cert != NULL) {
- gethostret = rpctls_gethost(s, sad, hostnam,
- sizeof(hostnam));
- if (gethostret == 0)
- hostnam[0] = '\0';
+ if (!rpctls_verbose) {
+ gethostret = rpctls_gethost(s, sad, hostnam,
+ sizeof(hostnam));
+ if (gethostret == 0)
+ hostnam[0] = '\0';
+ }
cp2 = X509_NAME_oneline(
X509_get_subject_name(cert), NULL, 0);
*flags |= RPCTLS_FLAGS_GOTCERT;
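Review bot: The `if (!rpctls_verbose)` guard in the `cert != NULL` branch makes the validity of `hostnam` and `gethostret` depend on the earlier verbose block having run, and neither site says so. A later edit to the logging block could then leave both unset on the certificate path. A comment on the guard such as `/* hostnam and gethostret were already filled in by the rpctls_verbose block above */` would record the dependency. Separately, when `rpctls_gethost()` returns 0 the new message prints an empty host, so the logged TLS version and cipher cannot be tied to a peer; if the name comes from a reverse lookup (not visible in this hunk) it is also peer-influenced and should be treated as untrusted by whatever consumes the log. The body of `rpctls_server` starts and ends outside the hunk.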