From 7c3cb5da944b2f859b736bb77a7e4a98f458d8ce Mon Sep 17 00:00:00 2001
From: bluhm
Date: Mon, 1 Jul 2024 12:06:45 +0000
Subject: [PATCH] Explicit TLS handshake with syslog client.

Add a new TLS handshake callback for incoming connections. This will allow to inspect the client certificate later. For now only print a debug message and check it in regress.
with and OK henning@
---
 regress/usr.sbin/syslogd/args-client-tls.pl | 2 ++
 usr.sbin/syslogd/syslogd.c | 15 ++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/regress/usr.sbin/syslogd/args-client-tls.pl b/regress/usr.sbin/syslogd/args-client-tls.pl
index 2fa726d9ae1..8a385f23bcd 100644
--- a/regress/usr.sbin/syslogd/args-client-tls.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls.pl
@@ -32,7 +32,9 @@ our %args = (
 loggrep => {
 qr{Keyfile /etc/ssl/private/localhost.key} => 1,
 qr{Certfile /etc/ssl/localhost.crt} => 1,
+ qr/Accepting tcp connection/ => 1,
 qr/syslogd\[\d+\]: tls logger .* accepted/ => 1,
+ qr/Completed tls handshake/ => 1,
 qr/syslogd\[\d+\]: tls logger .* connection close/ => 1,
 },
 },
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 112969bb8db..eba53c958a6 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.c,v 1.281 2024/06/29 11:29:55 jsg Exp $ */
+/* $OpenBSD: syslogd.c,v 1.282 2024/07/01 12:06:45 bluhm Exp $ */
 /*
 * Copyright (c) 2014-2021 Alexander Bluhm
@@ -314,6 +314,7 @@ int reserve_accept4(int, int, struct event *,
 void tcp_acceptcb(int, short, void *);
 void tls_acceptcb(int, short, void *);
 void acceptcb(int, short, void *, int);
+void tls_handshakecb(struct bufferevent *, void *);
 int octet_counting(struct evbuffer *, char **, int);
 int non_transparent_framing(struct evbuffer *, char **);
 void tcp_readcb(struct bufferevent *, void *);
@@ -1188,6 +1189,7 @@ acceptcb(int lfd, short event, void *arg, int usetls)
 close(fd);
 return;
 }
+ p->p_bufev->readcb = tls_handshakecb;
 buffertls_set(&p->p_buftls, p->p_bufev, p->p_ctx, fd);
 buffertls_accept(&p->p_buftls, fd);
 log_debug("tcp accept callback: tls context success");
@@ -1209,6 +1211,17 @@ acceptcb(int lfd, short event, void *arg, int usetls)
 p->p_ctx ? "tls" : "tcp", peername);
 }
+void
+tls_handshakecb(struct bufferevent *bufev, void *arg)
+{
+ struct peer *p = arg;
+
+ log_debug("Completed tls handshake");
+
+ bufev->readcb = tcp_readcb;
+ tcp_readcb(bufev, p);
+}
+
 /*
 * Syslog over TCP RFC 6587 3.4.1. Octet Counting
 */
-- 
2.20.1
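Review bot: The debug line `log_debug("Completed tls handshake");` in tls_handshakecb carries no peer address, so with several concurrent TLS loggers it cannot be tied to the `tls logger ... accepted` message acceptcb emits for the same connection (acceptcb formats `peername` there, but whether struct peer keeps it is not visible in this hunk). If the peer name is reachable from `p`, include it in the message and widen the `qr/Completed tls handshake/` pattern added to args-client-tls.pl accordingly. The commit message says this hook is where the client certificate will be inspected later; that check, and any rejection, must come before the `tcp_readcb(bufev, p);` call so no application data from an unverified client is parsed, and a comment marking that spot now would keep the ordering intact. The function also lacks a header comment; something like `/* Read callback installed by acceptcb; presumably fires once buffertls has finished the TLS handshake, then switches the bufferevent to tcp_readcb. */` would document the hand-off.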