mirror of https://gitee.com/openkylin/qemu.git
crypto: add trace points for TLS cert verification
It is very useful to know about TLS cert verification status when debugging, so add a trace point for it. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
533008f4f3
commit
b57482d7a0
|
@ -351,16 +351,22 @@ qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
|
|||
{
|
||||
if (object_dynamic_cast(OBJECT(session->creds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
|
||||
trace_qcrypto_tls_session_check_creds(session, "nop");
|
||||
return 0;
|
||||
} else if (object_dynamic_cast(OBJECT(session->creds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_X509)) {
|
||||
if (session->creds->verifyPeer) {
|
||||
return qcrypto_tls_session_check_certificate(session,
|
||||
errp);
|
||||
int ret = qcrypto_tls_session_check_certificate(session,
|
||||
errp);
|
||||
trace_qcrypto_tls_session_check_creds(session,
|
||||
ret == 0 ? "pass" : "fail");
|
||||
return ret;
|
||||
} else {
|
||||
trace_qcrypto_tls_session_check_creds(session, "skip");
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
trace_qcrypto_tls_session_check_creds(session, "error");
|
||||
error_setg(errp, "Unexpected credential type %s",
|
||||
object_get_typename(OBJECT(session->creds)));
|
||||
return -1;
|
||||
|
|
|
@ -17,3 +17,4 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const char *file) "TLS creds
|
|||
|
||||
# crypto/tlssession.c
|
||||
qcrypto_tls_session_new(void *session, void *creds, const char *hostname, const char *aclname, int endpoint) "TLS session new session=%p creds=%p hostname=%s aclname=%s endpoint=%d"
|
||||
qcrypto_tls_session_check_creds(void *session, const char *status) "TLS session check creds session=%p status=%s"
|
||||
|
|
Loading…
Reference in New Issue