summaryrefslogtreecommitdiffstats
path: root/rpc
diff options
context:
space:
mode:
authorMohit Agrawal <moagrawal@redhat.com>2020-03-31 16:45:35 +0530
committerXavi Hernandez <xhernandez@redhat.com>2020-04-02 08:31:29 +0000
commit80dd8cceab3b860bf1bc2945c8e2d8d0b3913e48 (patch)
tree3df391cc44e3f9146d9b87f9a97b75a080227370 /rpc
parent2d5ba449e9200b16184b1e7fc84cabd015f1f779 (diff)
rpc: Make ssl log more useful
Currently, ssl_setup_connection_params throws 4 messages for every rpc connection that irritates a user while reading the logs. The same info we can print in a single log with peerinfo to make it more useful.ssl_setup_connection_params try to load dh_param even user has not configured it and if a dh_param file is not available it throws a failure message.To avoid the message load dh_param only while the user has configured it. Change-Id: I9ddb57f86a3fa3e519180cb5d88828e59fe0e487 Fixes: #1141 Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
Diffstat (limited to 'rpc')
-rw-r--r--rpc/rpc-transport/socket/src/socket.c39
1 files changed, 22 insertions, 17 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index a295e6a9bab..17002d448ff 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -4171,6 +4171,7 @@ ssl_setup_connection_params(rpc_transport_t *this)
char *cipher_list = DEFAULT_CIPHER_LIST;
char *dh_param = DEFAULT_DH_PARAM;
char *ec_curve = DEFAULT_EC_CURVE;
+ gf_boolean_t dh_flag = _gf_false;
priv = this->private;
@@ -4179,6 +4180,10 @@ ssl_setup_connection_params(rpc_transport_t *this)
return 0;
}
+ if (!priv->ssl_enabled && !priv->mgmt_ssl) {
+ return 0;
+ }
+
priv->ssl_own_cert = DEFAULT_CERT_PATH;
if (dict_get_str_sizen(this->options, SSL_OWN_CERT_OPT, &optstr) == 0) {
if (!priv->ssl_enabled) {
@@ -4225,28 +4230,25 @@ ssl_setup_connection_params(rpc_transport_t *this)
priv->crl_path = gf_strdup(optstr);
}
- gf_log(this->name, priv->ssl_enabled ? GF_LOG_INFO : GF_LOG_DEBUG,
- "SSL support on the I/O path is %s",
- priv->ssl_enabled ? "ENABLED" : "NOT enabled");
- gf_log(this->name, priv->mgmt_ssl ? GF_LOG_INFO : GF_LOG_DEBUG,
- "SSL support for glusterd is %s",
- priv->mgmt_ssl ? "ENABLED" : "NOT enabled");
-
if (!priv->mgmt_ssl) {
if (!dict_get_int32_sizen(this->options, SSL_CERT_DEPTH_OPT,
&cert_depth)) {
- gf_log(this->name, GF_LOG_INFO, "using certificate depth %d",
- cert_depth);
}
} else {
cert_depth = this->ctx->ssl_cert_depth;
- gf_log(this->name, GF_LOG_INFO, "using certificate depth %d",
- cert_depth);
}
+ gf_log(this->name, priv->ssl_enabled ? GF_LOG_INFO : GF_LOG_DEBUG,
+ "SSL support for MGMT is %s IO path is %s certificate depth is %d "
+ "for peer %s",
+ (priv->mgmt_ssl ? "ENABLED" : "NOT enabled"),
+ (priv->ssl_enabled ? "ENABLED" : "NOT enabled"), cert_depth,
+ this->peerinfo.identifier);
+
if (!dict_get_str_sizen(this->options, SSL_CIPHER_LIST_OPT, &cipher_list)) {
gf_log(this->name, GF_LOG_INFO, "using cipher list %s", cipher_list);
}
if (!dict_get_str_sizen(this->options, SSL_DH_PARAM_OPT, &dh_param)) {
+ dh_flag = _gf_true;
gf_log(this->name, GF_LOG_INFO, "using DH parameters %s", dh_param);
}
if (!dict_get_str_sizen(this->options, SSL_EC_CURVE_OPT, &ec_curve)) {
@@ -4281,12 +4283,15 @@ ssl_setup_connection_params(rpc_transport_t *this)
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
-
- if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
- gf_log(this->name, GF_LOG_INFO,
- "failed to open %s, "
- "DH ciphers are disabled",
- dh_param);
+ /* Upload file to bio wrapper only if dh param is configured
+ */
+ if (dh_flag) {
+ if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
+ gf_log(this->name, GF_LOG_ERROR,
+ "failed to open %s, "
+ "DH ciphers are disabled",
+ dh_param);
+ }
}
if (bio != NULL) {