[icinga-checkins] icinga.org: icinga2/fix/ido-mysql-config-loop-12147: Enhance TLS handshake error messages with connection information

git at icinga.org git at icinga.org
Tue Aug 2 12:19:38 CEST 2016


Module: icinga2
Branch: fix/ido-mysql-config-loop-12147
Commit: b7da28b176303108fdd9d1234c518afa2e6602ab
URL:    https://git.icinga.org/?p=icinga2.git;a=commit;h=b7da28b176303108fdd9d1234c518afa2e6602ab

Author: Michael Friedrich <michael.friedrich at netways.de>
Date:   Tue Aug  2 12:14:03 2016 +0200

Enhance TLS handshake error messages with connection information

fixes #12287

---

 lib/remote/apilistener.cpp |   24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 320cf20..e1b0025 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -306,6 +306,15 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 {
 	CONTEXT("Handling new API client connection");
 
+	String conninfo;
+
+	if (role == RoleClient)
+		conninfo = "to";
+	else
+		conninfo = "from";
+
+	conninfo += " " + client->GetPeerAddress();
+
 	TlsStream::Ptr tlsStream;
 
 	{
@@ -313,7 +322,8 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 		try {
 			tlsStream = new TlsStream(client, hostname, role, m_SSLContext);
 		} catch (const std::exception&) {
-			Log(LogCritical, "ApiListener", "Cannot create TLS stream from client connection.");
+			Log(LogCritical, "ApiListener")
+			    << "Cannot create TLS stream from client connection (" << conninfo << ")";
 			return;
 		}
 	}
@@ -321,7 +331,8 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 	try {
 		tlsStream->Handshake();
 	} catch (const std::exception& ex) {
-		Log(LogCritical, "ApiListener", "Client TLS handshake failed");
+		Log(LogCritical, "ApiListener")
+		    << "Client TLS handshake failed (" << conninfo << ")";
 		return;
 	}
 
@@ -330,15 +341,6 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 	Endpoint::Ptr endpoint;
 	bool verify_ok = false;
 
-	String conninfo;
-
-	if (role == RoleClient)
-		conninfo = "to";
-	else
-		conninfo = "from";
-
-	conninfo += " " + client->GetPeerAddress();
-
 	if (cert) {
 		try {
 			identity = GetCertificateCN(cert);



More information about the icinga-checkins mailing list