tls: fix server log messages to have client IP address

Add an additional parameter to TLS_CreateInstance() to save the label of
the connection (server name on the client side and client IP
address:port on the server side) instead of the server name (which is
NULL on the server side) to fix the log messages.

Fixes: 3e32e7e694 ("tls: move gnutls code into tls_gnutls.c")
This commit is contained in:
Miroslav Lichvar
2025-08-06 15:43:41 +02:00
parent abc267a556
commit 93a78c73ad
3 changed files with 13 additions and 16 deletions


@@ -613,7 +613,7 @@ NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
assert(inst->state == KE_STOPPED); assert(inst->state == KE_STOPPED);
inst->tls_session = TLS_CreateInstance(inst->server, sock_fd, inst->server_name, inst->tls_session = TLS_CreateInstance(inst->server, sock_fd, inst->server_name,
NKE_ALPN_NAME, credentials, label, NKE_ALPN_NAME, credentials,
clock_updates < CNF_GetNoCertTimeCheck()); clock_updates < CNF_GetNoCertTimeCheck());
if (!inst->tls_session) if (!inst->tls_session)
return 0; return 0;

4
tls.h

@@ -64,8 +64,8 @@ extern void TLS_DestroyCredentials(TLS_Credentials credentials);
/* Create new TLS session instance */ /* Create new TLS session instance */
extern TLS_Instance TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name, extern TLS_Instance TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
const char *alpn_name, TLS_Credentials credentials, const char *label, const char *alpn_name,
int disable_time_checks); TLS_Credentials credentials, int disable_time_checks);
/* Destroy TLS instance */ /* Destroy TLS instance */
extern void TLS_DestroyInstance(TLS_Instance inst); extern void TLS_DestroyInstance(TLS_Instance inst);
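Review bot: The comment above TLS_CreateInstance still reads `/* Create new TLS session instance */` and says nothing about the new `label` parameter or how it relates to `server_name`, which now both sit on the same prototype. The implementation in tls_gnutls.c copies `label` with an unguarded `Strdup(label)` while `server_name` and `alpn_name` keep their NULL guards, so the header is the place to state that contract. Suggest `/* Create new TLS session instance. label identifies the peer in log messages (server name on the client side, client address:port on the server side); it is copied and must not be NULL. server_name may be NULL on the server side. */`.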


@@ -42,7 +42,7 @@
struct TLS_Instance_Record { struct TLS_Instance_Record {
gnutls_session_t session; gnutls_session_t session;
int server; int server;
char *server_name; char *label;
char *alpn_name; char *alpn_name;
}; };
@@ -162,7 +162,7 @@ TLS_DestroyCredentials(TLS_Credentials credentials)
/* ================================================== */ /* ================================================== */
TLS_Instance TLS_Instance
TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name, TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name, const char *label,
const char *alpn_name, TLS_Credentials credentials, int disable_time_checks) const char *alpn_name, TLS_Credentials credentials, int disable_time_checks)
{ {
gnutls_datum_t alpn; gnutls_datum_t alpn;
@@ -173,7 +173,7 @@ TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
inst->session = NULL; inst->session = NULL;
inst->server = server_mode; inst->server = server_mode;
inst->server_name = server_name ? Strdup(server_name) : NULL; inst->label = Strdup(label);
inst->alpn_name = alpn_name ? Strdup(alpn_name) : NULL; inst->alpn_name = alpn_name ? Strdup(alpn_name) : NULL;
r = gnutls_init(&inst->session, GNUTLS_NONBLOCK | GNUTLS_NO_TICKETS | r = gnutls_init(&inst->session, GNUTLS_NONBLOCK | GNUTLS_NO_TICKETS |
@@ -237,8 +237,7 @@ TLS_DestroyInstance(TLS_Instance inst)
if (inst->session) if (inst->session)
gnutls_deinit(inst->session); gnutls_deinit(inst->session);
if (inst->server_name) Free(inst->label);
Free(inst->server_name);
if (inst->alpn_name) if (inst->alpn_name)
Free(inst->alpn_name); Free(inst->alpn_name);
@@ -280,7 +279,7 @@ TLS_DoHandshake(TLS_Instance inst)
cert_error.data = NULL; cert_error.data = NULL;
LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
"TLS handshake with %s failed : %s%s%s", inst->server_name, gnutls_strerror(r), "TLS handshake with %s failed : %s%s%s", inst->label, gnutls_strerror(r),
cert_error.data ? " " : "", cert_error.data ? (const char *)cert_error.data : ""); cert_error.data ? " " : "", cert_error.data ? (const char *)cert_error.data : "");
if (cert_error.data) if (cert_error.data)
@@ -299,13 +298,12 @@ TLS_DoHandshake(TLS_Instance inst)
if (DEBUG) { if (DEBUG) {
char *description = gnutls_session_get_desc(inst->session); char *description = gnutls_session_get_desc(inst->session);
DEBUG_LOG("Handshake with %s completed %s", inst->server_name, DEBUG_LOG("Handshake with %s completed %s", inst->label, description ? description : "");
description ? description : "");
gnutls_free(description); gnutls_free(description);
} }
if (!check_alpn(inst)) { if (!check_alpn(inst)) {
LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, "NTS-KE not supported by %s", inst->server_name); LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, "NTS-KE not supported by %s", inst->label);
return TLS_FAILED; return TLS_FAILED;
} }
@@ -327,7 +325,7 @@ TLS_Send(TLS_Instance inst, const void *data, int length, int *sent)
if (r < 0) { if (r < 0) {
if (gnutls_error_is_fatal(r)) { if (gnutls_error_is_fatal(r)) {
LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
"Could not send NTS-KE message to %s : %s", inst->server_name, gnutls_strerror(r)); "Could not send NTS-KE message to %s : %s", inst->label, gnutls_strerror(r));
return TLS_FAILED; return TLS_FAILED;
} }
@@ -356,8 +354,7 @@ TLS_Receive(TLS_Instance inst, void *data, int length, int *received)
a protocol error */ a protocol error */
if (gnutls_error_is_fatal(r) || r == GNUTLS_E_REHANDSHAKE) { if (gnutls_error_is_fatal(r) || r == GNUTLS_E_REHANDSHAKE) {
LOG(inst->server ? LOGS_DEBUG : LOGS_ERR, LOG(inst->server ? LOGS_DEBUG : LOGS_ERR,
"Could not receive NTS-KE message from %s : %s", "Could not receive NTS-KE message from %s : %s", inst->label, gnutls_strerror(r));
inst->server_name, gnutls_strerror(r));
return TLS_FAILED; return TLS_FAILED;
} }
@@ -386,7 +383,7 @@ TLS_Shutdown(TLS_Instance inst)
if (r < 0) { if (r < 0) {
if (gnutls_error_is_fatal(r)) { if (gnutls_error_is_fatal(r)) {
DEBUG_LOG("Shutdown with %s failed : %s", inst->server_name, gnutls_strerror(r)); DEBUG_LOG("Shutdown with %s failed : %s", inst->label, gnutls_strerror(r));
return TLS_FAILED; return TLS_FAILED;
} }
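Review bot: `inst->label = Strdup(label);` in the TLS_CreateInstance hunk drops the NULL guard that the replaced `server_name` assignment had, so a NULL label now reaches Strdup (its behaviour on NULL is not visible here, but a strdup-based wrapper would dereference it) and, if it survived, would later be printed through `%s` in the LOG/DEBUG_LOG calls in TLS_DoHandshake, TLS_Send, TLS_Receive and TLS_Shutdown. The only caller visible, NKSN_StartSession, passes its own `label` parameter straight through, so the non-NULL requirement now rests on every NKSN_StartSession caller. If that is the intended contract, fail early with `assert(label);` at the top of TLS_CreateInstance (if the file has assert available) rather than in the allocation or logging path; otherwise keep the old shape, `inst->label = label ? Strdup(label) : NULL;`, and give the log calls a fallback such as `inst->label ? inst->label : "?"`. TLS_CreateInstance's body continues outside the hunk.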