[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verific
|
From: |
Daniel P. Berrange |
|
Subject: |
[Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verification |
|
Date: |
Mon, 19 Sep 2016 12:44:12 +0100 |
It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.
Signed-off-by: Daniel P. Berrange <address@hidden>
---
crypto/tlssession.c | 10 ++++++++--
crypto/trace-events | 1 +
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 2de42c6..96a02de 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -351,16 +351,22 @@ qcrypto_tls_session_check_credentials(QCryptoTLSSession
*session,
{
if (object_dynamic_cast(OBJECT(session->creds),
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
+ trace_qcrypto_tls_session_check_creds(session, "nop");
return 0;
} else if (object_dynamic_cast(OBJECT(session->creds),
TYPE_QCRYPTO_TLS_CREDS_X509)) {
if (session->creds->verifyPeer) {
- return qcrypto_tls_session_check_certificate(session,
- errp);
+ int ret = qcrypto_tls_session_check_certificate(session,
+ errp);
+ trace_qcrypto_tls_session_check_creds(session,
+ ret == 0 ? "pass" : "fail");
+ return ret;
} else {
+ trace_qcrypto_tls_session_check_creds(session, "skip");
return 0;
}
} else {
+ trace_qcrypto_tls_session_check_creds(session, "error");
error_setg(errp, "Unexpected credential type %s",
object_get_typename(OBJECT(session->creds)));
return -1;
diff --git a/crypto/trace-events b/crypto/trace-events
index 8181843..dc6ddd3 100644
--- a/crypto/trace-events
+++ b/crypto/trace-events
@@ -17,3 +17,4 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const char
*file) "TLS creds
# crypto/tlssession.c
qcrypto_tls_session_new(void *session, void *creds, const char *hostname,
const char *aclname, int endpoint) "TLS session new session=%p creds=%p
hostname=%s aclname=%s endpoint=%d"
+qcrypto_tls_session_check_creds(void *session, const char *status) "TLS
session check creds session=%p status=%s"
--
2.7.4
- [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 2/8] crypto: make PBKDF iterations configurable for LUKS format, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 3/8] crypto: clear out buffer after timing pbkdf algorithm, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 1/8] crypto: use uint64_t for pbkdf iteration count parameters, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 5/8] crypto: remove bogus /= 2 for pbkdf iterations, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 4/8] crypto: use correct derived key size when timing pbkdf, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 7/8] crypto: support more hash algorithms for pbkdf, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verification,
Daniel P. Berrange <=
- [Qemu-devel] [PULL v1 6/8] crypto: increase default pbkdf2 time for luks to 2 seconds, Daniel P. Berrange, 2016/09/19
- Re: [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, no-reply, 2016/09/19
Re: [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, Peter Maydell, 2016/09/19