tls: fix server log messages to have client IP address

author Miroslav Lichvar <mlichvar@redhat.com>

Wed, 6 Aug 2025 13:43:41 +0000 (15:43 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Thu, 7 Aug 2025 08:18:31 +0000 (10:18 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Wed, 6 Aug 2025 13:43:41 +0000 (15:43 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Thu, 7 Aug 2025 08:18:31 +0000 (10:18 +0200)
diff --git a/nts_ke_session.c b/nts_ke_session.c

index 7e09ac5f19342f6116fc107f08682f22a89be189..02cab087195a020ce13912a274ae81ace53bd69f 100644 (file)
--- a/nts_ke_session.c
+++ b/nts_ke_session.c
@@ -613,7 +613,7 @@ NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
    assert(inst->state == KE_STOPPED);
  
    inst->tls_session = TLS_CreateInstance(inst->server, sock_fd, inst->server_name,
-                                         NKE_ALPN_NAME, credentials,
+                                         label, NKE_ALPN_NAME, credentials,
                                           clock_updates < CNF_GetNoCertTimeCheck());
    if (!inst->tls_session)
      return 0;
diff --git a/tls.h b/tls.h

index 0a283821ac79dc4929a9049dfb8b8de89230a611..8db419d706d5d8fcb028c530e5f0f9a38904e8ab 100644 (file)
--- a/tls.h
+++ b/tls.h
@@ -64,8 +64,8 @@ extern void TLS_DestroyCredentials(TLS_Credentials credentials);
  
  /* Create new TLS session instance */
  extern TLS_Instance TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
-                                       const char *alpn_name, TLS_Credentials credentials,
-                                       int disable_time_checks);
+                                       const char *label, const char *alpn_name,
+                                       TLS_Credentials credentials, int disable_time_checks);
  
  /* Destroy TLS instance */
  extern void TLS_DestroyInstance(TLS_Instance inst);
diff --git a/tls_gnutls.c b/tls_gnutls.c

index bb03cd68f5ba310ce00ea94d26dd9a844080a9e2..21ec7a4cda95bca5797b858a0be64deaf56c6bb3 100644 (file)
--- a/tls_gnutls.c
+++ b/tls_gnutls.c
@@ -42,7 +42,7 @@
  struct TLS_Instance_Record {
    gnutls_session_t session;
    int server;
-  char *server_name;
+  char *label;
    char *alpn_name;
  };
  
@@ -162,7 +162,7 @@ TLS_DestroyCredentials(TLS_Credentials credentials)
  /* ================================================== */
  
  TLS_Instance
-TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
+TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name, const char *label,
                     const char *alpn_name, TLS_Credentials credentials, int disable_time_checks)
  {
    gnutls_datum_t alpn;
@@ -173,7 +173,7 @@ TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
  
    inst->session = NULL;
    inst->server = server_mode;
-  inst->server_name = server_name ? Strdup(server_name) : NULL;
+  inst->label = Strdup(label);
    inst->alpn_name = alpn_name ? Strdup(alpn_name) : NULL;
  
    r = gnutls_init(&inst->session, GNUTLS_NONBLOCK | GNUTLS_NO_TICKETS |
@@ -237,8 +237,7 @@ TLS_DestroyInstance(TLS_Instance inst)
    if (inst->session)
      gnutls_deinit(inst->session);
  
-  if (inst->server_name)
-    Free(inst->server_name);
+  Free(inst->label);
  
    if (inst->alpn_name)
      Free(inst->alpn_name);
@@ -280,7 +279,7 @@ TLS_DoHandshake(TLS_Instance inst)
          cert_error.data = NULL;
  
        LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
-          "TLS handshake with %s failed : %s%s%s", inst->server_name, gnutls_strerror(r),
+          "TLS handshake with %s failed : %s%s%s", inst->label, gnutls_strerror(r),
            cert_error.data ? " " : "", cert_error.data ? (const char *)cert_error.data : "");
  
        if (cert_error.data)
@@ -299,13 +298,12 @@ TLS_DoHandshake(TLS_Instance inst)
  
    if (DEBUG) {
      char *description = gnutls_session_get_desc(inst->session);
-    DEBUG_LOG("Handshake with %s completed %s", inst->server_name,
-              description ? description : "");
+    DEBUG_LOG("Handshake with %s completed %s", inst->label, description ? description : "");
      gnutls_free(description);
    }
  
    if (!check_alpn(inst)) {
-    LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, "NTS-KE not supported by %s", inst->server_name);
+    LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, "NTS-KE not supported by %s", inst->label);
      return TLS_FAILED;
    }
  
@@ -327,7 +325,7 @@ TLS_Send(TLS_Instance inst, const void *data, int length, int *sent)
    if (r < 0) {
      if (gnutls_error_is_fatal(r)) {
        LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
-          "Could not send NTS-KE message to %s : %s", inst->server_name, gnutls_strerror(r));
+          "Could not send NTS-KE message to %s : %s", inst->label, gnutls_strerror(r));
        return TLS_FAILED;
      }
  
@@ -356,8 +354,7 @@ TLS_Receive(TLS_Instance inst, void *data, int length, int *received)
         a protocol error */
      if (gnutls_error_is_fatal(r) || r == GNUTLS_E_REHANDSHAKE) {
        LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
-          "Could not receive NTS-KE message from %s : %s",
-          inst->server_name, gnutls_strerror(r));
+          "Could not receive NTS-KE message from %s : %s", inst->label, gnutls_strerror(r));
        return TLS_FAILED;
      }
  
@@ -386,7 +383,7 @@ TLS_Shutdown(TLS_Instance inst)
  
    if (r < 0) {
      if (gnutls_error_is_fatal(r)) {
-      DEBUG_LOG("Shutdown with %s failed : %s", inst->server_name, gnutls_strerror(r));
+      DEBUG_LOG("Shutdown with %s failed : %s", inst->label, gnutls_strerror(r));
        return TLS_FAILED;
      }
author	Miroslav Lichvar <mlichvar@redhat.com>
	Wed, 6 Aug 2025 13:43:41 +0000 (15:43 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 7 Aug 2025 08:18:31 +0000 (10:18 +0200)
nts_ke_session.c		patch \| blob \| blame \| history
tls.h		patch \| blob \| blame \| history
tls_gnutls.c		patch \| blob \| blame \| history