qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verific


From: Daniel P. Berrange
Subject: [Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verification
Date: Mon, 19 Sep 2016 12:44:12 +0100

It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.

Signed-off-by: Daniel P. Berrange <address@hidden>
---
 crypto/tlssession.c | 10 ++++++++--
 crypto/trace-events |  1 +
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 2de42c6..96a02de 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -351,16 +351,22 @@ qcrypto_tls_session_check_credentials(QCryptoTLSSession 
*session,
 {
     if (object_dynamic_cast(OBJECT(session->creds),
                             TYPE_QCRYPTO_TLS_CREDS_ANON)) {
+        trace_qcrypto_tls_session_check_creds(session, "nop");
         return 0;
     } else if (object_dynamic_cast(OBJECT(session->creds),
                             TYPE_QCRYPTO_TLS_CREDS_X509)) {
         if (session->creds->verifyPeer) {
-            return qcrypto_tls_session_check_certificate(session,
-                                                         errp);
+            int ret = qcrypto_tls_session_check_certificate(session,
+                                                            errp);
+            trace_qcrypto_tls_session_check_creds(session,
+                                                  ret == 0 ? "pass" : "fail");
+            return ret;
         } else {
+            trace_qcrypto_tls_session_check_creds(session, "skip");
             return 0;
         }
     } else {
+        trace_qcrypto_tls_session_check_creds(session, "error");
         error_setg(errp, "Unexpected credential type %s",
                    object_get_typename(OBJECT(session->creds)));
         return -1;
diff --git a/crypto/trace-events b/crypto/trace-events
index 8181843..dc6ddd3 100644
--- a/crypto/trace-events
+++ b/crypto/trace-events
@@ -17,3 +17,4 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const char 
*file) "TLS creds
 
 # crypto/tlssession.c
 qcrypto_tls_session_new(void *session, void *creds, const char *hostname, 
const char *aclname, int endpoint) "TLS session new session=%p creds=%p 
hostname=%s aclname=%s endpoint=%d"
+qcrypto_tls_session_check_creds(void *session, const char *status) "TLS 
session check creds session=%p status=%s"
-- 
2.7.4




reply via email to

[Prev in Thread] Current Thread [Next in Thread]