dovecot-1.1: login_log_format_elements: Added %k to show SSL pro...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Aug 30 11:59:54 EEST 2008
details: http://hg.dovecot.org/dovecot-1.1/rev/0177096cefe5
changeset: 7842:0177096cefe5
user: Timo Sirainen <tss at iki.fi>
date: Sat Aug 30 11:59:50 2008 +0300
description:
login_log_format_elements: Added %k to show SSL protocol/cipher information.
diffstat:
4 files changed, 25 insertions(+)
src/login-common/client-common.c | 3 +++
src/login-common/ssl-proxy-openssl.c | 16 ++++++++++++++++
src/login-common/ssl-proxy.c | 5 +++++
src/login-common/ssl-proxy.h | 1 +
diffs (79 lines):
diff -r 1d8bd4bc3038 -r 0177096cefe5 src/login-common/client-common.c
--- a/src/login-common/client-common.c Sat Aug 30 11:26:50 2008 +0300
+++ b/src/login-common/client-common.c Sat Aug 30 11:59:50 2008 +0300
@@ -49,6 +49,7 @@ get_var_expand_table(struct client *clie
{ 'a', NULL },
{ 'b', NULL },
{ 'c', NULL },
+ { 'k', NULL },
{ '\0', NULL }
};
struct var_expand_table *tab;
@@ -77,6 +78,7 @@ get_var_expand_table(struct client *clie
tab[10].value = dec2str(client->remote_port);
if (!client->tls) {
tab[11].value = client->secured ? "secured" : NULL;
+ tab[12].value = "";
} else {
const char *ssl_state = ssl_proxy_is_handshaked(client->proxy) ?
"TLS" : "TLS handshaking";
@@ -84,6 +86,7 @@ get_var_expand_table(struct client *clie
tab[11].value = ssl_error == NULL ? ssl_state :
t_strdup_printf("%s: %s", ssl_state, ssl_error);
+ tab[12].value = ssl_proxy_get_security_string(client->proxy);
}
return tab;
diff -r 1d8bd4bc3038 -r 0177096cefe5 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Sat Aug 30 11:26:50 2008 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Sat Aug 30 11:59:50 2008 +0300
@@ -550,6 +550,22 @@ const char *ssl_proxy_get_last_error(str
return proxy->last_error;
}
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ SSL_CIPHER *cipher;
+ int bits, alg_bits;
+
+ if (!proxy->handshaked)
+ return "";
+
+ cipher = SSL_get_current_cipher(proxy->ssl);
+ bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+ return t_strdup_printf("%s with cipher %s (%d/%d bits)",
+ SSL_get_version(proxy->ssl),
+ SSL_CIPHER_get_name(cipher),
+ bits, alg_bits);
+}
+
void ssl_proxy_free(struct ssl_proxy *proxy)
{
ssl_proxy_unref(proxy);
diff -r 1d8bd4bc3038 -r 0177096cefe5 src/login-common/ssl-proxy.c
--- a/src/login-common/ssl-proxy.c Sat Aug 30 11:26:50 2008 +0300
+++ b/src/login-common/ssl-proxy.c Sat Aug 30 11:59:50 2008 +0300
@@ -36,6 +36,11 @@ const char *ssl_proxy_get_last_error(str
return NULL;
}
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ return "";
+}
+
void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
diff -r 1d8bd4bc3038 -r 0177096cefe5 src/login-common/ssl-proxy.h
--- a/src/login-common/ssl-proxy.h Sat Aug 30 11:26:50 2008 +0300
+++ b/src/login-common/ssl-proxy.h Sat Aug 30 11:59:50 2008 +0300
@@ -14,6 +14,7 @@ const char *ssl_proxy_get_peer_name(stru
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
bool ssl_proxy_is_handshaked(struct ssl_proxy *proxy);
const char *ssl_proxy_get_last_error(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy *proxy);
/* Return number of active SSL proxies */
More information about the dovecot-cvs
mailing list