- Add log message, at verbosity 4, that says the query is encrypted

  with TLS, if that is enabled for the query.

git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 82ac70831b988b3f0e7a89be5706055b86b0dfe1..f6456534ee183904226389384e7455e2fc705243 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+18 March 2019: Wouter
+       - Add log message, at verbosity 4, that says the query is encrypted
+         with TLS, if that is enabled for the query.
+
 7 March 2019: Wouter
        - Fix for #4233: guard use of NDEBUG, so that it can be passed in
          CFLAGS into configure.

diff --git a/services/outside_network.c b/services/outside_network.c
index 16d63df4395a4e2eff1c39468482ee3a080c9f7f..3347c38e7aa9b3ded4ca3980104a756f07ca1e09 100644 (file)
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -364,6 +364,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
                        comm_point_close(pend->c);
                        return 0;
                }
+               verbose(VERB_ALGO, "the query is using TLS encryption, for %s",
+                       (w->tls_auth_name?w->tls_auth_name:"an unauthenticated connection"));
 #ifdef USE_WINSOCK
                comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
 #endif
@@ -404,6 +406,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
                        }
                        SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);
                }
+#else
+               verbose(VERB_ALGO, "the query has an auth_name, but libssl has no call to perform TLS authentication");
 #endif /* HAVE_SSL_SET1_HOST */
        }
        w->pkt = NULL;