From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 18 Mar 2019 08:41:39 +0000 (+0000)
Subject: - Add log message, at verbosity 4, that says the query is encrypted
X-Git-Tag: final-svn-state~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb5251da66b3d059221db0a074d8cdf8f851910e;p=thirdparty%2Funbound.git

- Add log message, at verbosity 4, that says the query is encrypted
  with TLS, if that is enabled for the query.


git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 82ac70831..f6456534e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+18 March 2019: Wouter
+	- Add log message, at verbosity 4, that says the query is encrypted
+	  with TLS, if that is enabled for the query.
+
 7 March 2019: Wouter
 	- Fix for #4233: guard use of NDEBUG, so that it can be passed in
 	  CFLAGS into configure.
diff --git a/services/outside_network.c b/services/outside_network.c
index 16d63df43..3347c38e7 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -364,6 +364,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 			comm_point_close(pend->c);
 			return 0;
 		}
+		verbose(VERB_ALGO, "the query is using TLS encryption, for %s",
+			(w->tls_auth_name?w->tls_auth_name:"an unauthenticated connection"));
 #ifdef USE_WINSOCK
 		comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
 #endif
@@ -404,6 +406,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 			}
 			SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);
 		}
+#else
+		verbose(VERB_ALGO, "the query has an auth_name, but libssl has no call to perform TLS authentication");
 #endif /* HAVE_SSL_SET1_HOST */
 	}
 	w->pkt = NULL;