mirror of https://github.com/Icinga/icinga2.git
Enhance TLS handshake error messages with connection information
fixes #12287
parent
73417275f6
commit
b7da28b176
|
@ -306,30 +306,6 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
|
|||
{
|
||||
CONTEXT("Handling new API client connection");
|
||||
|
||||
TlsStream::Ptr tlsStream;
|
||||
|
||||
{
|
||||
ObjectLock olock(this);
|
||||
try {
|
||||
tlsStream = new TlsStream(client, hostname, role, m_SSLContext);
|
||||
} catch (const std::exception&) {
|
||||
Log(LogCritical, "ApiListener", "Cannot create TLS stream from client connection.");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
tlsStream->Handshake();
|
||||
} catch (const std::exception& ex) {
|
||||
Log(LogCritical, "ApiListener", "Client TLS handshake failed");
|
||||
return;
|
||||
}
|
||||
|
||||
boost::shared_ptr<X509> cert = tlsStream->GetPeerCertificate();
|
||||
String identity;
|
||||
Endpoint::Ptr endpoint;
|
||||
bool verify_ok = false;
|
||||
|
||||
String conninfo;
|
||||
|
||||
if (role == RoleClient)
|
||||
|
@ -339,6 +315,32 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
|
|||
|
||||
conninfo += " " + client->GetPeerAddress();
|
||||
|
||||
TlsStream::Ptr tlsStream;
|
||||
|
||||
{
|
||||
ObjectLock olock(this);
|
||||
try {
|
||||
tlsStream = new TlsStream(client, hostname, role, m_SSLContext);
|
||||
} catch (const std::exception&) {
|
||||
Log(LogCritical, "ApiListener")
|
||||
<< "Cannot create TLS stream from client connection (" << conninfo << ")";
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
tlsStream->Handshake();
|
||||
} catch (const std::exception& ex) {
|
||||
Log(LogCritical, "ApiListener")
|
||||
<< "Client TLS handshake failed (" << conninfo << ")";
|
||||
return;
|
||||
}
|
||||
|
||||
boost::shared_ptr<X509> cert = tlsStream->GetPeerCertificate();
|
||||
String identity;
|
||||
Endpoint::Ptr endpoint;
|
||||
bool verify_ok = false;
|
||||
|
||||
if (cert) {
|
||||
try {
|
||||
identity = GetCertificateCN(cert);
|
||||
|
|
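Review bot: Both catch blocks still discard the exception, so the new log lines say which peer failed but not why: the handshake handler names `ex` and never uses it, and the handler around the `TlsStream` constructor catches `const std::exception&` unnamed. For triage it matters whether the failure was a certificate verification error, a protocol or cipher mismatch, or a dropped connection, and that detail is only available from the exception. I would append it to the message, e.g. `<< "Client TLS handshake failed (" << conninfo << "): " << DiagnosticInformation(ex);`, and do the same in the first handler after naming the exception. If `DiagnosticInformation` emits a stack trace by default in this tree, a terse form is preferable, since any unauthenticated peer can trigger this message. `NewClientHandlerInternal` starts before and continues past the visible hunks.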