dovecot-1.2: login_log_format_elements: Added %k to show SSL pro...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Aug 30 12:00:52 EEST 2008
details: http://hg.dovecot.org/dovecot-1.2/rev/3917bf9cf311
changeset: 8122:3917bf9cf311
user: Timo Sirainen <tss at iki.fi>
date: Sat Aug 30 12:00:49 2008 +0300
description:
login_log_format_elements: Added %k to show SSL protocol/cipher information.
diffstat:
4 files changed, 26 insertions(+), 1 deletion(-)
src/login-common/client-common.c | 5 ++++-
src/login-common/ssl-proxy-openssl.c | 16 ++++++++++++++++
src/login-common/ssl-proxy.c | 5 +++++
src/login-common/ssl-proxy.h | 1 +
diffs (82 lines):
diff -r d95770cfd935 -r 3917bf9cf311 src/login-common/client-common.c
--- a/src/login-common/client-common.c Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/client-common.c Sat Aug 30 12:00:49 2008 +0300
@@ -49,6 +49,7 @@ get_var_expand_table(struct client *clie
{ 'a', NULL },
{ 'b', NULL },
{ 'c', NULL },
+ { 'k', NULL },
{ 'e', NULL },
{ '\0', NULL }
};
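Review bot: The new `{ 'k', NULL }` entry goes in ahead of `'e'`, so the later hunks have to renumber bare indices by hand (`tab[12]` for %k, `tab[13]` for the mail pid), and nothing ties the table order to those numbers. A mismatch would silently log the wrong value under a key, which matters when login logs are used for auditing TLS use. I would add a comment above the table such as `/* order must match the tab[N] assignments below: 'k' is tab[12], 'e' is tab[13] */`. The diffstat lists no configuration or documentation file, so %k appears to be undocumented for administrators in this change. get_var_expand_table() begins and ends outside this hunk.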
@@ -78,6 +79,7 @@ get_var_expand_table(struct client *clie
tab[10].value = dec2str(client->remote_port);
if (!client->tls) {
tab[11].value = client->secured ? "secured" : NULL;
+ tab[12].value = "";
} else {
const char *ssl_state = ssl_proxy_is_handshaked(client->proxy) ?
"TLS" : "TLS handshaking";
@@ -85,8 +87,9 @@ get_var_expand_table(struct client *clie
tab[11].value = ssl_error == NULL ? ssl_state :
t_strdup_printf("%s: %s", ssl_state, ssl_error);
+ tab[12].value = ssl_proxy_get_security_string(client->proxy);
}
- tab[12].value = dec2str(client->mail_pid);
+ tab[13].value = dec2str(client->mail_pid);
return tab;
}
diff -r d95770cfd935 -r 3917bf9cf311 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Sat Aug 30 12:00:49 2008 +0300
@@ -550,6 +550,22 @@ const char *ssl_proxy_get_last_error(con
return proxy->last_error;
}
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ SSL_CIPHER *cipher;
+ int bits, alg_bits;
+
+ if (!proxy->handshaked)
+ return "";
+
+ cipher = SSL_get_current_cipher(proxy->ssl);
+ bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+ return t_strdup_printf("%s with cipher %s (%d/%d bits)",
+ SSL_get_version(proxy->ssl),
+ SSL_CIPHER_get_name(cipher),
+ bits, alg_bits);
+}
+
void ssl_proxy_free(struct ssl_proxy *proxy)
{
ssl_proxy_unref(proxy);
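Review bot: `alg_bits` reaches t_strdup_printf() uninitialized if `cipher` is ever NULL, because SSL_CIPHER_get_bits() only writes through its second argument for a non-NULL cipher. The `handshaked` check makes that unlikely, but nothing in ssl_proxy_get_security_string() enforces it. Declaring `int bits, alg_bits = 0;` keeps the logged value well-defined in that case. Since `cipher` is only read, `const SSL_CIPHER *cipher;` would be the better declaration and matches the const return type of newer OpenSSL releases.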
diff -r d95770cfd935 -r 3917bf9cf311 src/login-common/ssl-proxy.c
--- a/src/login-common/ssl-proxy.c Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy.c Sat Aug 30 12:00:49 2008 +0300
@@ -36,6 +36,11 @@ const char *ssl_proxy_get_last_error(con
return NULL;
}
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ return "";
+}
+
void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
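Review bot: The stub ssl_proxy_get_security_string() never uses `proxy` but does not mark it, while ssl_proxy_free() directly below it in the same file uses `ATTR_UNUSED` for the same situation. For consistency, and to avoid an unused-parameter warning in builds without SSL, the signature should read `const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy ATTR_UNUSED)`.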
diff -r d95770cfd935 -r 3917bf9cf311 src/login-common/ssl-proxy.h
--- a/src/login-common/ssl-proxy.h Sat Aug 30 11:27:07 2008 +0300
+++ b/src/login-common/ssl-proxy.h Sat Aug 30 12:00:49 2008 +0300
@@ -14,6 +14,7 @@ const char *ssl_proxy_get_peer_name(stru
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy *proxy);
/* Return number of active SSL proxies */
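Review bot: The new prototype has no comment saying what the string contains or when it is empty, which a caller needs to know before putting it into a log format. I would add `/* Returns "<protocol> with cipher <name> (<bits>/<alg bits> bits)", or "" if the handshake hasn't finished or SSL support isn't built in. */` above it. The OpenSSL implementation builds the result with t_strdup_printf(), so the comment should presumably also say the string is temporary and must be copied if kept; confirm this against the allocator's contract. Unlike the two getters above it, the parameter is not `const`, although the visible implementation only reads from `proxy`.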