From t...@apache.org
Subject kudu git commit: [rpc] add method to output TLS cipher description
Date Sun, 18 Jun 2017 21:43:38 GMT
Repository: kudu
Updated Branches:
  refs/heads/master 677de010e -> d39781a5e


[rpc] add method to output TLS cipher description

Added TlsHandshake::GetCipherDescription() method.  It's used to print
information on TLS session cipher in the connection negotiation trace.
In addition to the cipher's name, it outputs info on key exchange and
authentication algorithms.

Change-Id: Ia6f1c6a67b66fac1dacebe87e17a996af409e6d1
Reviewed-on: http://gerrit.cloudera.org:8080/7217
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <todd@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/d39781a5
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/d39781a5
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/d39781a5

Branch: refs/heads/master
Commit: d39781a5e510ba0faa87898ea140d30227921d65
Parents: 677de01
Author: Alexey Serbin <aserbin@cloudera.com>
Authored: Fri Jun 16 17:15:29 2017 -0700
Committer: Todd Lipcon <todd@apache.org>
Committed: Sun Jun 18 21:43:07 2017 +0000

----------------------------------------------------------------------
 src/kudu/rpc/client_negotiation.cc |  8 ++++----
 src/kudu/rpc/server_negotiation.cc |  8 ++++----
 src/kudu/security/tls_handshake.cc | 15 +++++++++++++++
 src/kudu/security/tls_handshake.h  |  4 ++++
 4 files changed, 27 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/d39781a5/src/kudu/rpc/client_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/client_negotiation.cc b/src/kudu/rpc/client_negotiation.cc
index d6eb022..831364e 100644
--- a/src/kudu/rpc/client_negotiation.cc
+++ b/src/kudu/rpc/client_negotiation.cc
@@ -484,13 +484,13 @@ Status ClientNegotiation::HandleTlsHandshake(const NegotiatePB&
response) {
   // TLS handshake is finished.
   if (ContainsKey(server_features_, TLS_AUTHENTICATION_ONLY) &&
       ContainsKey(client_features_, TLS_AUTHENTICATION_ONLY)) {
-    TRACE("Negotiated auth-only $0 with cipher suite $1",
-          tls_handshake_.GetProtocol(), tls_handshake_.GetCipherSuite());
+    TRACE("Negotiated auth-only $0 with cipher $1",
+          tls_handshake_.GetProtocol(), tls_handshake_.GetCipherDescription());
     return tls_handshake_.FinishNoWrap(*socket_);
   }
 
-  TRACE("Negotiated $0 with cipher suite $1",
-        tls_handshake_.GetProtocol(), tls_handshake_.GetCipherSuite());
+  TRACE("Negotiated $0 with cipher $1",
+        tls_handshake_.GetProtocol(), tls_handshake_.GetCipherDescription());
   return tls_handshake_.Finish(&socket_);
 }
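Review bot: In the auth-only branch the trace now prints the full cipher description immediately before `FinishNoWrap(*socket_)`, and OpenSSL's description text includes `Enc=` and `Mac=` fields. If `FinishNoWrap` leaves the socket unwrapped, as its name suggests (its body is not in this hunk), someone auditing negotiation traces could read that line as evidence the connection is encrypted. Consider saying so in the message, e.g. `TRACE("Negotiated auth-only $0 (handshake only, socket not wrapped) with cipher $1", ...)`. The same applies to the matching hunk in server_negotiation.cc; `HandleTlsHandshake` begins outside both hunks.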
 

http://git-wip-us.apache.org/repos/asf/kudu/blob/d39781a5/src/kudu/rpc/server_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/server_negotiation.cc b/src/kudu/rpc/server_negotiation.cc
index a9fd4db..4f0ed5f 100644
--- a/src/kudu/rpc/server_negotiation.cc
+++ b/src/kudu/rpc/server_negotiation.cc
@@ -564,13 +564,13 @@ Status ServerNegotiation::HandleTlsHandshake(const NegotiatePB&
request) {
   // TLS handshake is finished.
   if (ContainsKey(server_features_, TLS_AUTHENTICATION_ONLY) &&
       ContainsKey(client_features_, TLS_AUTHENTICATION_ONLY)) {
-    TRACE("Negotiated auth-only $0 with cipher suite $1",
-          tls_handshake_.GetProtocol(), tls_handshake_.GetCipherSuite());
+    TRACE("Negotiated auth-only $0 with cipher $1",
+          tls_handshake_.GetProtocol(), tls_handshake_.GetCipherDescription());
     return tls_handshake_.FinishNoWrap(*socket_);
   }
 
-  TRACE("Negotiated $0 with cipher suite $1",
-        tls_handshake_.GetProtocol(), tls_handshake_.GetCipherSuite());
+  TRACE("Negotiated $0 with cipher $1",
+        tls_handshake_.GetProtocol(), tls_handshake_.GetCipherDescription());
   return tls_handshake_.Finish(&socket_);
 }
 

http://git-wip-us.apache.org/repos/asf/kudu/blob/d39781a5/src/kudu/security/tls_handshake.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/tls_handshake.cc b/src/kudu/security/tls_handshake.cc
index b4e3937..e566f5d 100644
--- a/src/kudu/security/tls_handshake.cc
+++ b/src/kudu/security/tls_handshake.cc
@@ -253,5 +253,20 @@ string TlsHandshake::GetProtocol() const {
   return SSL_get_version(ssl_.get());
 }
 
+string TlsHandshake::GetCipherDescription() const {
+  SCOPED_OPENSSL_NO_PENDING_ERRORS;
+  CHECK(has_started_);
+  const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_.get());
+  if (cipher == nullptr) {
+    return "NONE";
+  }
+  char buf[512];
+  const char* ret = SSL_CIPHER_description(cipher, buf, sizeof(buf));
+  if (ret == nullptr) {
+    return "NONE";
+  }
+  return ret;
+}
+
 } // namespace security
 } // namespace kudu
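Review bot: `GetCipherDescription()` returns the buffer exactly as `SSL_CIPHER_description()` fills it, and OpenSSL ends that text with a newline and pads its columns with runs of spaces, so each `TRACE("Negotiated ... with cipher $1", ...)` line gains an embedded line break. Trim it before returning, e.g. `string desc(ret); while (!desc.empty() && desc.back() == '\n') desc.pop_back(); return desc;`. Both failure paths also return the same `"NONE"`, so a trace cannot tell "no cipher negotiated yet" from "the description call failed"; a distinct value for the second case would make the trace more useful when diagnosing a negotiation.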

http://git-wip-us.apache.org/repos/asf/kudu/blob/d39781a5/src/kudu/security/tls_handshake.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/tls_handshake.h b/src/kudu/security/tls_handshake.h
index 2e7031f..cd3cb7c 100644
--- a/src/kudu/security/tls_handshake.h
+++ b/src/kudu/security/tls_handshake.h
@@ -129,6 +129,10 @@ class TlsHandshake {
   // handshake is complete and before 'Finish()'.
   std::string GetProtocol() const;
 
+  // Retrive the description of the negotiated cipher.
+  // Only valid to call after the handshake is complete and before 'Finish()'.
+  std::string GetCipherDescription() const;
+
  private:
   friend class TlsContext;
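Review bot: The new comment misspells "Retrieve" and does not tell the caller what the string contains or what comes back when there is no cipher. Suggested wording: `// Retrieve the OpenSSL description of the negotiated cipher (name, protocol,` / `// key exchange, authentication, encryption, MAC), or "NONE" if unavailable.` followed by the existing "Only valid to call ..." line. The implementation shown in tls_handshake.cc enforces only `CHECK(has_started_)`, which is weaker than the "after the handshake is complete" precondition stated here, so the comment should name the condition that is actually checked. The class body continues outside this hunk.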
 

