git: 74c4cb9cc376 - stable/13 - rpc.tlsservd: Add logging of TLS version and cipher used

From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Tue, 24 May 2022 01:03:25 UTC
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=74c4cb9cc3763b536f3e9843b976b8bc42535512

commit 74c4cb9cc3763b536f3e9843b976b8bc42535512
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-05-06 21:03:43 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-05-24 01:02:18 +0000

    rpc.tlsservd: Add logging of TLS version and cipher used
    
    This patch adds logging of the version of TLS and cipher
    negotiated successfully by the TLS handshake for each client,
    if the "-v" command line option has been specified.
    
    This information may be useful for monitoring and debugging
    NFS-over-TLS mounts.
    
    (cherry picked from commit d71c9f14682fee73f3694426fb47e66aab721835)
---
 usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
index 71787b162acd..16dd3e9c2d8b 100644
--- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
+++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
@@ -679,13 +679,23 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp,
 		return (NULL);
 	}
 	*flags |= RPCTLS_FLAGS_HANDSHAKE;
+	if (rpctls_verbose) {
+		gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam));
+		if (gethostret == 0)
+			hostnam[0] = '\0';
+		rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s"
+		    " <%s %s>\n", hostnam, SSL_get_version(ssl),
+		    SSL_get_cipher(ssl));
+	}
 	if (rpctls_do_mutual) {
 		cert = SSL_get_peer_certificate(ssl);
 		if (cert != NULL) {
-			gethostret = rpctls_gethost(s, sad, hostnam,
-			    sizeof(hostnam));
-			if (gethostret == 0)
-				hostnam[0] = '\0';
+			if (!rpctls_verbose) {
+				gethostret = rpctls_gethost(s, sad, hostnam,
+				    sizeof(hostnam));
+				if (gethostret == 0)
+					hostnam[0] = '\0';
+			}
 			cp2 = X509_NAME_oneline(
 			    X509_get_subject_name(cert), NULL, 0);
 			*flags |= RPCTLS_FLAGS_GOTCERT;
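Review bot: The hostname lookup is now duplicated across two branches that silently depend on each other — the `if (!rpctls_verbose)` guard at the mutual-auth site is only correct because the verbose block above it has already filled hostnam, so a later edit to either branch can leave hostnam stale or unset for the certificate-checking path. Hoisting the lookup once under `if (rpctls_verbose || rpctls_do_mutual)` before both uses removes the duplication and the cross-branch coupling, and keeps the behaviour on the gethostret == 0 path identical. It would also be worth a one-line comment at the log call noting that hostnam comes from rpctls_gethost (presumably a reverse lookup, which I cannot confirm from the hunk) and is emitted into the log as-is, so anyone parsing the verbose output should treat that field as untrusted text. rpctls_server starts and ends outside the hunk.
```c
	*flags |= RPCTLS_FLAGS_HANDSHAKE;
	/* Resolve the peer once; both the verbose log and the mutual-auth path use hostnam. */
	if (rpctls_verbose || rpctls_do_mutual) {
		gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam));
		if (gethostret == 0)
			hostnam[0] = '\0';
	}
	if (rpctls_verbose)
		rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s"
		    " <%s %s>\n", hostnam, SSL_get_version(ssl),
		    SSL_get_cipher(ssl));
	if (rpctls_do_mutual) {
		cert = SSL_get_peer_certificate(ssl);
		if (cert != NULL) {
			/* … unchanged: the nested lookup is dropped; X509_NAME_oneline and the GOTCERT flag follow … */
```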