https://fedorahosted.org/389/ticket/47945
https://fedorahosted.org/389/attachment/ticket/47945/0001-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.5.patch
git patch file (master) -- applied the change in comment:11 by Rich. Thank you!!

Once approved, I'm going to attach the code slapi_getSSLVersion_str to this bug...
Bug 1161807 - [RFE] API to convert SSL version number to SSL version string

--noriko

On 11/10/2014 01:10 PM, 389 Project wrote:

#47945: Add SSL/TLS version info to the access log
-------------------------------------------------+-------------------------
         Reporter:  nhosoi                       |          Owner:  nhosoi
             Type:  defect                       |         Status:  accepted
         Priority:  major                        |      Milestone:  1.3.3 backlog
        Component:  Directory Server             |        Version:  1.3.0
       Resolution:                               |       Keywords:
       Blocked By:                               |       Blocking:
           Review:  review?                      |  Ticket origin:  Community
 Red Hat Bugzilla:  [https://bugzilla.redhat.com/show_bug.cgi?id=1153737 1153737]
-------------------------------------------------+-------------------------

Comment (by rmeggins):

Thanks. Almost there
{{{
if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
    ...
}}}

This will only work for TLSv1.x. I would like to see support for TLSv2.x and later, something like this:
{{{
if (vnum >= SSL_LIBRARY_VERSION_3_0) {
    if (vnum == SSL_LIBRARY_VERSION_3_0) { /* SSL3 */
        if (buf && bufsize) {
            PR_snprintf(buf, bufsize, "SSL3");
        } else {
            vstr = slapi_ch_smprintf("SSL3");
        }
    } else { /* TLS v X.Y */
        const char *TLSFMT = "TLS%d.%d";
        int minor_offset = 0; /* e.g. 0x0401 -> TLS v 2.1, not 2.0 */
        if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
            minor_offset = 1; /* e.g. 0x0301 -> TLS v 1.0, not 1.1 */
        }
        if (buf && bufsize) {
            PR_snprintf(buf, bufsize, TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
        } else {
            vstr = slapi_ch_smprintf(TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
        }
    }
} else { /* SSL2 or unknown */
    ...
}
}}}

That way, if vnum > SSL_LIBRARY_VERSION_3_0 (e.g. vnum == 0x0400 e.g. TLS v2.0) our code will support it with no changes.
-- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
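
An added example, not code from the patch or from the 389 project: a stand-alone version of the version-number-to-string conversion discussed in the comment above, filling in the SSL2/unknown branch and checking for truncation. Assumptions: the helper name `tls_version_str` is hypothetical, `snprintf` stands in for `PR_snprintf`, the two NSS constants are redefined locally, and the `unknown(0x....)` fallback format is this example's choice. It compares the major byte to 3 instead of masking with 0x0300, because a mask test also matches a major byte such as 0x07.

```c
#include <stdio.h>
#include <string.h>

/* Values from NSS sslproto.h, redefined so the example builds without NSS. */
#define SSL_LIBRARY_VERSION_2   0x0002
#define SSL_LIBRARY_VERSION_3_0 0x0300

/* Hypothetical helper (not slapi_getSSLVersion_str): write the protocol name
 * for vnum into buf. Returns 0 on success, -1 if buf is unusable or too small. */
int tls_version_str(unsigned int vnum, char *buf, size_t bufsize)
{
    int n;
    if (buf == NULL || bufsize == 0) {
        return -1;
    }
    if (vnum == SSL_LIBRARY_VERSION_2) {
        n = snprintf(buf, bufsize, "SSL2");
    } else if (vnum == SSL_LIBRARY_VERSION_3_0) {
        n = snprintf(buf, bufsize, "SSL3");
    } else if (vnum > SSL_LIBRARY_VERSION_3_0 && vnum <= 0xffff) {
        unsigned int major = vnum >> 8;
        unsigned int minor = vnum & 0xff;
        if (major == 3) {
            /* 0x0301 -> TLS1.0; minor is at least 1 here, so no underflow */
            n = snprintf(buf, bufsize, "TLS%u.%u", major - 2, minor - 1);
        } else {
            /* e.g. 0x0401 -> TLS2.1; 0x0700 lands here, not in the branch above */
            n = snprintf(buf, bufsize, "TLS%u.%u", major - 2, minor);
        }
    } else {
        /* Log the raw number rather than a guessed protocol name */
        n = snprintf(buf, bufsize, "unknown(0x%04x)", vnum);
    }
    return (n < 0 || (size_t)n >= bufsize) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample version numbers */
    unsigned int samples[] = { 0x0002, 0x0300, 0x0301, 0x0303, 0x0400, 0x0700, 0x0100 };
    char buf[32];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (tls_version_str(samples[i], buf, sizeof(buf)) == 0) {
            printf("0x%04x -> %s\n", samples[i], buf);
        }
    }
    return 0;
}
```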