mirror of https://github.com/Icinga/icinga2.git
Merge pull request #7315 from Icinga/feature/api-cipher-list-log
TLS: Fetch the cipher list and log them for debugging (OpenSSL 1.1.x)
This commit is contained in:
Diana Flach
GitHub
commit
35f53c0dc1
|
|
@ -107,22 +107,7 @@ static Value ArrayJoin(const Value& separator)
|
|||
ScriptFrame *vframe = ScriptFrame::GetCurrentFrame();
|
||||
Array::Ptr self = static_cast<Array::Ptr>(vframe->Self);
|
||||
REQUIRE_NOT_NULL(self);
|
||||
|
||||
Value result;
|
||||
bool first = true;
|
||||
|
||||
ObjectLock olock(self);
|
||||
for (const Value& item : self) {
|
||||
if (first) {
|
||||
first = false;
|
||||
} else {
|
||||
result = result + separator;
|
||||
}
|
||||
|
||||
result = result + item;
|
||||
}
|
||||
|
||||
return result;
|
||||
return self->Join(separator);
|
||||
}
|
||||
|
||||
static Array::Ptr ArrayReverse()
|
||||
|
|
|
|||
|
|
@ -297,6 +297,26 @@ String Array::ToString() const
|
|||
return msgbuf.str();
|
||||
}
|
||||
|
||||
Value Array::Join(const Value& separator) const
|
||||
{
|
||||
Value result;
|
||||
bool first = true;
|
||||
|
||||
ObjectLock olock(this);
|
||||
|
||||
for (const Value& item : m_Data) {
|
||||
if (first) {
|
||||
first = false;
|
||||
} else {
|
||||
result = result + separator;
|
||||
}
|
||||
|
||||
result = result + item;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
Array::Ptr Array::Unique() const
|
||||
{
|
||||
std::set<Value> result;
|
||||
|
|
|
|||
|
|
@ -94,6 +94,7 @@ public:
|
|||
void Sort(bool overrideFrozen = false);
|
||||
|
||||
String ToString() const override;
|
||||
Value Join(const Value& separator) const;
|
||||
|
||||
Array::Ptr Unique() const;
|
||||
void Freeze();
|
||||
|
|
|
|||
|
|
@ -176,6 +176,23 @@ void SetCipherListToSSLContext(const std::shared_ptr<boost::asio::ssl::context>&
|
|||
<< boost::errinfo_api_function("SSL_CTX_set_cipher_list")
|
||||
<< errinfo_openssl_error(ERR_peek_error()));
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
//With OpenSSL 1.1.0, there might not be any returned 0.
|
||||
STACK_OF(SSL_CIPHER) *ciphers;
|
||||
Array::Ptr cipherNames = new Array();
|
||||
|
||||
ciphers = SSL_CTX_get_ciphers(context->native_handle());
|
||||
for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
|
||||
const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
|
||||
String cipher_name = SSL_CIPHER_get_name(cipher);
|
||||
|
||||
cipherNames->Add(cipher_name);
|
||||
}
|
||||
|
||||
Log(LogNotice, "TlsUtility")
|
||||
<< "Available TLS cipher list: " << cipherNames->Join(" ");
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue