changeset 8122:3917bf9cf311 HEAD

login_log_format_elements: Added %k to show SSL protocol/cipher information.
author Timo Sirainen <tss@iki.fi>
date Sat, 30 Aug 2008 12:00:49 +0300
parents d95770cfd935
children 26b67708b365
files src/login-common/client-common.c src/login-common/ssl-proxy-openssl.c src/login-common/ssl-proxy.c src/login-common/ssl-proxy.h
diffstat 4 files changed, 26 insertions(+), 1 deletions(-) [+]
--- a/src/login-common/client-common.c	Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/client-common.c	Sat Aug 30 12:00:49 2008 +0300
@@ -49,6 +49,7 @@
 		{ 'a', NULL },
 		{ 'b', NULL },
 		{ 'c', NULL },
+		{ 'k', NULL },
 		{ 'e', NULL },
 		{ '\0', NULL }
 	};
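Review bot: Inserting `{ 'k', NULL }` ahead of `'e'` makes the order of this table a silent contract with the hard-coded `tab[12]` and `tab[13]` assignments in the two later hunks of this file. A future entry added mid-table would shift values into the wrong log fields without any compiler diagnostic. Adding new keys just before the `'\0'` terminator, or a comment above the table such as `/* order must match the tab[N].value indices assigned below */`, would make the dependency visible. That matters for %k because operators will read this field to audit negotiated TLS strength. The table and the function that fills it both start outside the hunk.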
@@ -78,6 +79,7 @@
 	tab[10].value = dec2str(client->remote_port);
 	if (!client->tls) {
 		tab[11].value = client->secured ? "secured" : NULL;
+		tab[12].value = "";
 	} else {
 		const char *ssl_state = ssl_proxy_is_handshaked(client->proxy) ?
 			"TLS" : "TLS handshaking";
@@ -85,8 +87,9 @@
 
 		tab[11].value = ssl_error == NULL ? ssl_state :
 			t_strdup_printf("%s: %s", ssl_state, ssl_error);
+		tab[12].value = ssl_proxy_get_security_string(client->proxy);
 	}
-	tab[12].value = dec2str(client->mail_pid);
+	tab[13].value = dec2str(client->mail_pid);
 
 	return tab;
 }
--- a/src/login-common/ssl-proxy-openssl.c	Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy-openssl.c	Sat Aug 30 12:00:49 2008 +0300
@@ -550,6 +550,22 @@
 	return proxy->last_error;
 }
 
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+	SSL_CIPHER *cipher;
+	int bits, alg_bits;
+
+	if (!proxy->handshaked)
+		return "";
+
+	cipher = SSL_get_current_cipher(proxy->ssl);
+	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+	return t_strdup_printf("%s with cipher %s (%d/%d bits)",
+			       SSL_get_version(proxy->ssl),
+			       SSL_CIPHER_get_name(cipher),
+			       bits, alg_bits);
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy)
 {
 	ssl_proxy_unref(proxy);
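Review bot: `alg_bits` in ssl_proxy_get_security_string() is passed to the format call without ever being initialised locally, and the result of `SSL_get_current_cipher()` is not checked. As far as I know `SSL_CIPHER_get_bits()` only writes through its second argument when the cipher is non-NULL, so if the handshaked flag were ever set without a current cipher, the log line would contain an indeterminate value. Declaring `int bits, alg_bits = 0;` costs nothing and keeps the logged strength figure trustworthy. Newer OpenSSL releases also return a const pointer from `SSL_get_current_cipher()`, so `const SSL_CIPHER *cipher;` would avoid a qualifier warning there.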
--- a/src/login-common/ssl-proxy.c	Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy.c	Sat Aug 30 12:00:49 2008 +0300
@@ -36,6 +36,11 @@
 	return NULL;
 }
 
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+	return "";
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
 
 unsigned int ssl_proxy_get_count(void)
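Review bot: The stub ssl_proxy_get_security_string() leaves its `proxy` parameter unmarked, while the neighbouring stub `ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED)` annotates it. A non-SSL build with unused-parameter warnings enabled would presumably flag the new function. Writing the signature as `const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy ATTR_UNUSED)` keeps the stub file consistent.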
--- a/src/login-common/ssl-proxy.h	Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy.h	Sat Aug 30 12:00:49 2008 +0300
@@ -14,6 +14,7 @@
 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
 void ssl_proxy_free(struct ssl_proxy *proxy);
 
 /* Return number of active SSL proxies */
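Review bot: The new prototype ssl_proxy_get_security_string() has no comment describing what the string contains or when it is empty, and the two implementations in this commit differ in how the result is produced. The OpenSSL version returns a `t_strdup_printf()` result, which looks like a temporary allocation, while the stub returns a literal. I would add above the declaration: `/* Returns "<protocol> with cipher <name> (<bits>/<alg_bits> bits)", or "" if the handshake hasn't finished or SSL support isn't built in. The result is a temporary string; copy it if it must outlive the caller. */`. The lifetime sentence is inferred from the allocator's name and should be confirmed against its definition.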