diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2016-09-14 10:18:09 +0100 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-09-19 16:30:46 +0100 |
commit | b57482d7a0fe669aeb6f0c3c3503d143b9db89dd (patch) | |
tree | 58c719a671fe4fadec5eb1bfc034076bf4ccf834 /crypto | |
parent | 533008f4f382490f817a0c313f2d32f6173c08c7 (diff) |
crypto: add trace points for TLS cert verification
It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/tlssession.c | 10 | ||||
-rw-r--r-- | crypto/trace-events | 1 |
2 files changed, 9 insertions, 2 deletions
diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 2de42c61cb..96a02deb69 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -351,16 +351,22 @@ qcrypto_tls_session_check_credentials(QCryptoTLSSession *session, { if (object_dynamic_cast(OBJECT(session->creds), TYPE_QCRYPTO_TLS_CREDS_ANON)) { + trace_qcrypto_tls_session_check_creds(session, "nop"); return 0; } else if (object_dynamic_cast(OBJECT(session->creds), TYPE_QCRYPTO_TLS_CREDS_X509)) { if (session->creds->verifyPeer) { - return qcrypto_tls_session_check_certificate(session, - errp); + int ret = qcrypto_tls_session_check_certificate(session, + errp); + trace_qcrypto_tls_session_check_creds(session, + ret == 0 ? "pass" : "fail"); + return ret; } else { + trace_qcrypto_tls_session_check_creds(session, "skip"); return 0; } } else { + trace_qcrypto_tls_session_check_creds(session, "error"); error_setg(errp, "Unexpected credential type %s", object_get_typename(OBJECT(session->creds))); return -1; diff --git a/crypto/trace-events b/crypto/trace-events index 8181843723..dc6ddd30d6 100644 --- a/crypto/trace-events +++ b/crypto/trace-events @@ -17,3 +17,4 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const char *file) "TLS creds # crypto/tlssession.c qcrypto_tls_session_new(void *session, void *creds, const char *hostname, const char *aclname, int endpoint) "TLS session new session=%p creds=%p hostname=%s aclname=%s endpoint=%d" +qcrypto_tls_session_check_creds(void *session, const char *status) "TLS session check creds session=%p status=%s" |