rpc.tlsservd: Add logging of TLS version and cipher used

This patch adds logging of the version of TLS and cipher
negotiated successfully by the TLS handshake for each client,
if the "-v" command line option has been specified.

This information may be useful for monitoring and debugging
NFS-over-TLS mounts.

MFC after:	2 weeks
Rick Macklem 2022-05-06 14:03:43 -07:00
parent 3cdfaefa4b
commit d71c9f1468


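--- a/FILE_PATH_NOT_ON_PAGE
+++ b/FILE_PATH_NOT_ON_PAGE
@@ -687,13 +687,23 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp,
 return (NULL);
 }
 *flags |= RPCTLS_FLAGS_HANDSHAKE;
+if (rpctls_verbose) {
+gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam));
+if (gethostret == 0)
+hostnam[0] = '\0';
+rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s"
+" <%s %s>\n", hostnam, SSL_get_version(ssl),
+SSL_get_cipher(ssl));
+}
 if (rpctls_do_mutual) {
 cert = SSL_get_peer_certificate(ssl);
 if (cert != NULL) {
-gethostret = rpctls_gethost(s, sad, hostnam,
-sizeof(hostnam));
-if (gethostret == 0)
-hostnam[0] = '\0';
+if (!rpctls_verbose) {
+gethostret = rpctls_gethost(s, sad, hostnam,
+sizeof(hostnam));
+if (gethostret == 0)
+hostnam[0] = '\0';
+}
 cp2 = X509_NAME_oneline(
 X509_get_subject_name(cert), NULL, 0);
 *flags |= RPCTLS_FLAGS_GOTCERT;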
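Review bot: The new `if (!rpctls_verbose)` guard inside the `cert != NULL` branch silently relies on the verbose block earlier in the hunk having already filled in hostnam; nothing at the point of use says so, and a later edit that moves or re-conditions the verbose block would leave hostnam stale or unset on the certificate path. A one-line comment on the guard would make the dependency explicit, e.g. `/* hostnam was already looked up by the verbose block above. */`. The same four-line lookup-and-clear sequence now appears twice in this hunk; if it recurs elsewhere in the file it is a candidate for a small static helper. rpctls_server begins and ends outside this hunk, so the declaration of hostnam and its later uses are not visible here.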