hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-23 02:51:09 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

rpc.tlsservd: Add logging of TLS version and cipher used

Browse Source 
This patch adds logging of the version of TLS and cipher
negotiated successfully by the TLS handshake for each client,
if the "-v" command line option has been specified.

This information may be useful for monitoring and debugging
NFS-over-TLS mounts.

MFC after:	2 weeks
This commit is contained in:
Rick Macklem 2022-05-06 14:03:43 -07:00
parent 3cdfaefa4b
commit d71c9f1468
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
usr.sbin/rpc.tlsservd/rpc.tlsservd.c
View File

@ -687,13 +687,23 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp,
return (NULL);
}
*flags |= RPCTLS_FLAGS_HANDSHAKE;
if (rpctls_verbose) {
gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam));
if (gethostret == 0)
hostnam[0] = '\0';
rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s"
" <%s %s>\n", hostnam, SSL_get_version(ssl),
SSL_get_cipher(ssl));
}
if (rpctls_do_mutual) {
cert = SSL_get_peer_certificate(ssl);
if (cert != NULL) {
gethostret = rpctls_gethost(s, sad, hostnam,
sizeof(hostnam));
if (gethostret == 0)
hostnam[0] = '\0';
if (!rpctls_verbose) {
gethostret = rpctls_gethost(s, sad, hostnam,
sizeof(hostnam));
if (gethostret == 0)
hostnam[0] = '\0';
}
cp2 = X509_NAME_oneline(
X509_get_subject_name(cert), NULL, 0);
*flags |= RPCTLS_FLAGS_GOTCERT;