From 2be9fb350b1df63280ade112209aa828bbc991fa Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Fri, 8 Jan 2021 14:16:44 +0100
Subject: [PATCH] apply to outgoing and dtls too
---
 dtls.c | 15 +++++++++++++--
 tls.c | 10 ++++++++--
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/dtls.c b/dtls.c
index 7db28f6..620259d 100644
--- a/dtls.c
+++ b/dtls.c
@@ -304,7 +304,7 @@ void *dtlsservernew(void *arg) {
 unsigned long error;
 struct timeval timeout;
 struct addrinfo tmpsrvaddr;
- char tmp[INET6_ADDRSTRLEN];
+ char tmp[INET6_ADDRSTRLEN], *subj;
 debug(DBG_WARN, "dtlsservernew: incoming DTLS connection from %s", addr2string((struct sockaddr *)¶ms->addr, tmp, sizeof(tmp)));
@@ -343,6 +343,12 @@ void *dtlsservernew(void *arg) {
 while (conf) {
 if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
+ subj = getcertsubject(cert);
+ if(subj) {
+ debug(DBG_WARN, "dtlsservernew: DTLS connection from %s, client %s, subject %s up",
+ addr2string((struct sockaddr *)¶ms->addr, tmp, sizeof(tmp)), conf->name, subj);
+ free(subj);
+ }
 X509_free(cert);
 client = addclient(conf, 1);
 if (client) {
@@ -524,6 +530,7 @@ int dtlsconnect(struct server *server, int timeout, char *text) {
 unsigned long error;
 BIO *bio;
 struct addrinfo *source = NULL;
+ char *subj;
 debug(DBG_DBG, "dtlsconnect: called from %s", text);
 pthread_mutex_lock(&server->lock);
@@ -601,12 +608,16 @@ int dtlsconnect(struct server *server, int timeout, char *text) {
 if (!cert)
 continue;
 if (verifyconfcert(cert, server->conf)) {
+ subj = getcertsubject(cert);
+ if(subj) {
+ debug(DBG_WARN, "dtlsconnect: DTLS connection to %s, subject %s up", server->conf->name, subj);
+ free(subj);
+ }
 X509_free(cert);
 break;
 }
 X509_free(cert);
 }
- debug(DBG_WARN, "dtlsconnect: DTLS connection to %s up", server->conf->name);
 pthread_mutex_lock(&server->lock);
 server->state = RSP_SERVER_STATE_CONNECTED;
diff --git a/tls.c b/tls.c
index 8adc157..f717d98 100644
--- a/tls.c
+++ b/tls.c
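Review bot: In the dtlsservernew hunk at @@ -343, the new "... up" message is written at the top of the verifyconfcert branch, before `client = addclient(conf, 1);` and its `if (client)` test, so the log can report a connection as up even when addclient fails. Anyone reconstructing sessions from the log would then see an accepted client that was never registered. Either keep `subj` until after the `if (client)` test and log there, or word the message as a certificate acceptance, e.g. `"dtlsservernew: DTLS connection from %s, client %s, subject %s accepted"`. The `if (client)` body and the rest of the loop lie outside the hunk, so the failure path cannot be confirmed from here.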
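Review bot: In the dtlsconnect hunk at @@ -601, the unconditional `DTLS connection to %s up` line after the loop is removed and its replacement sits inside `if(subj)`, so when getcertsubject() returns NULL a successful connect leaves no DBG_WARN record at all. Since `free(NULL)` is a no-op, the guard can be dropped in favour of `debug(DBG_WARN, "dtlsconnect: DTLS connection to %s, subject %s up", server->conf->name, subj ? subj : "(unavailable)");` followed by `free(subj);`. The same `if(subj)`-only logging appears in the dtlsservernew hunk above and in the tlsconnect hunk in tls.c. The retry loop and the rest of dtlsconnect continue outside the hunk.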
@@ -91,6 +91,7 @@ int tlsconnect(struct server *server, int timeout, char *text) {
 unsigned long error;
 int origflags;
 struct addrinfo *source = NULL;
+ char *subj;
 debug(DBG_DBG, "tlsconnect: called from %s", text);
 pthread_mutex_lock(&server->lock);
@@ -157,6 +158,11 @@ int tlsconnect(struct server *server, int timeout, char *text) {
 if (!cert)
 continue;
 if (verifyconfcert(cert, server->conf)) {
+ subj = getcertsubject(cert);
+ if(subj) {
+ debug(DBG_WARN, "tlsconnect: TLS connection to %s, subject %s up", server->conf->name, subj);
+ free(subj);
+ }
 X509_free(cert);
 break;
 }
@@ -492,7 +498,7 @@ void *tlsservernew(void *arg) {
 unsigned long error;
 struct client *client;
 struct tls *accepted_tls = NULL;
- char tmp[INET6_ADDRSTRLEN];
+ char tmp[INET6_ADDRSTRLEN], *subj;
 s = *(int *)arg;
 free(arg);
@@ -538,7 +544,7 @@ void *tlsservernew(void *arg) {
 while (conf) {
 if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
- char *subj = getcertsubject(cert);
+ subj = getcertsubject(cert);
 if(subj) {
 debug(DBG_WARN, "tlsservernew: TLS connection from %s, client %s, subject %s up", addr2string((struct sockaddr *)&from,tmp, sizeof(tmp)), conf->name, subj);
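Review bot: tlsconnect may now log each successful connect twice, because the hunk at @@ -157 adds the subject-bearing "up" message while, unlike dtls.c, no unconditional `... connection to %s up` line is removed from tls.c (both deletions in this file are declarations). Whether tlsconnect still has such a line after the loop cannot be confirmed here, since the end of the loop is outside the hunk. If it does, TLS and DTLS logs will differ in shape, and rules that count "up" events per peer will over-count on TLS. Worth removing the older line in the same commit so there is one event per connection.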