summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorluwenpeng <[email protected]>2021-11-20 18:24:28 +0300
committerluwenpeng <[email protected]>2021-11-20 19:29:44 +0300
commit000ab9f9912042521b9ac5d9f0ebe7761f0b48b2 (patch)
treea3d4b4f30e54c1849efa2e398506bd09b2c10924
parentad481d77d9ec64204b7a64070490a80d559239a3 (diff)
修改debug日志: 输出服务端证书验证结果v4.5.26-20211120
Diffstat
-rw-r--r--platform/src/ssl_stream.cpp13
-rw-r--r--platform/src/ssl_trusted_cert_storage.cpp9
2 files changed, 13 insertions, 9 deletions
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index f28bb32..5e1edcc 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1333,6 +1333,19 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
+ TFE_LOG_DEBUG(g_default_logger,
+ "addr:%s, sni:%s, is_cert_verify_passed:%d, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d, %s",
+ s_stream->tcp_stream->str_stream_info,
+ s_upstream->client_hello->sni,
+ s_upstream->is_server_cert_verify_passed,
+ ((s_upstream->verify_param.real_untrust & 0xff) ? 1 : 0),
+ ((s_upstream->verify_param.real_untrust & 0x01) ? 1 : 0),
+ ((s_upstream->verify_param.real_untrust & 0x02) ? 1 : 0),
+ ((s_upstream->verify_param.real_untrust & 0x04) ? 1 : 0),
+ ((s_upstream->verify_param.real_untrust & 0x08) ? 1 : 0),
+ ((s_upstream->verify_param.real_untrust & 0x10) ? 1 : 0),
+ (s_upstream->is_server_cert_verify_passed == 0 ? error_str : ""));
+
s_upstream->svc_status.is_ct=s_upstream->verify_result.is_ct;
s_upstream->svc_status.is_ev=s_upstream->verify_result.is_ev;
ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream, &(s_upstream->svc_status));
diff --git a/platform/src/ssl_trusted_cert_storage.cpp b/platform/src/ssl_trusted_cert_storage.cpp
index 0f1a60f..d0802a6 100644
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -476,15 +476,6 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
if (is_ssl_debug())
{
- TFE_LOG_DEBUG(g_default_logger,
- "sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d",
- (hostname ? hostname : "NULL"),
- ((param->real_untrust & 0xff) ? 1 : 0),
- ((param->real_untrust & 0x01) ? 1 : 0),
- ((param->real_untrust & 0x02) ? 1 : 0),
- ((param->real_untrust & 0x04) ? 1 : 0),
- ((param->real_untrust & 0x08) ? 1 : 0),
- ((param->real_untrust & 0x10) ? 1 : 0));
ssl_chain_dump(hostname, "server_chain", cert_chain);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 14:20:56 +0000