diff --git a/src/shrpx.cc b/src/shrpx.cc index e7e05455..92046aed 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -1348,6 +1348,8 @@ Logging: * $ssl_cipher: cipher used for SSL/TLS connection. * $ssl_protocol: protocol for SSL/TLS connection. * $ssl_session_id: session ID for SSL/TLS connection. + * $ssl_session_reused: "r" if SSL/TLS session was + reused. Otherwise, "." Default: )" << DEFAULT_ACCESSLOG_FORMAT << R"( --errorlog-file= diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index d3195d88..d59a1d0d 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -389,6 +389,8 @@ std::vector parse_log_format(const char *optarg) { type = SHRPX_LOGF_SSL_PROTOCOL; } else if (util::strieq_l("$ssl_session_id", var_start, varlen)) { type = SHRPX_LOGF_SSL_SESSION_ID; + } else if (util::strieq_l("$ssl_session_reused", var_start, varlen)) { + type = SHRPX_LOGF_SSL_SESSION_REUSED; } else { LOG(WARN) << "Unrecognized log format variable: " << std::string(var_start, varlen); diff --git a/src/shrpx_log.cc b/src/shrpx_log.cc index 69434702..35e5a3cf 100644 --- a/src/shrpx_log.cc +++ b/src/shrpx_log.cc @@ -294,6 +294,14 @@ void upstream_accesslog(const std::vector &lfv, copy_hex_low(lgsp.tls_info->session_id, lgsp.tls_info->session_id_length, avail, p); break; + case SHRPX_LOGF_SSL_SESSION_REUSED: + if (!lgsp.tls_info) { + std::tie(p, avail) = copy("-", avail, p); + break; + } + std::tie(p, avail) = + copy(lgsp.tls_info->session_reused ? "r" : ".", avail, p); + break; case SHRPX_LOGF_NONE: break; default: diff --git a/src/shrpx_log.h b/src/shrpx_log.h index a42fbbc4..1d63e641 100644 --- a/src/shrpx_log.h +++ b/src/shrpx_log.h @@ -119,6 +119,7 @@ enum LogFragmentType { SHRPX_LOGF_SSL_CIPHER, SHRPX_LOGF_SSL_PROTOCOL, SHRPX_LOGF_SSL_SESSION_ID, + SHRPX_LOGF_SSL_SESSION_REUSED, }; struct LogFragment { diff --git a/src/ssl.cc b/src/ssl.cc index bb4018cd..eca2d817 100644 --- a/src/ssl.cc +++ b/src/ssl.cc 
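Review bot: The `SHRPX_LOGF_SSL_SESSION_REUSED` case added to `upstream_accesslog` in src/shrpx_log.cc can emit three values, but the help text added in src/shrpx.cc documents only two. When `lgsp.tls_info` is null the field is written as `-`, presumably for cleartext connections. Anyone parsing the access log to track resumption rates therefore has to read `-` as "not applicable" rather than "not reused". I would extend the help entry to something like `"r" if SSL/TLS session was reused, "." if it was not, "-" if no TLS session info is available`. The enclosing switch starts and ends outside the hunk.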
@@ -114,6 +114,7 @@ TLSSessionInfo *get_tls_session_info(TLSSessionInfo *tls_info, SSL *ssl) { tls_info->protocol = get_tls_protocol(ssl); tls_info->session_id = session->session_id; tls_info->session_id_length = session->session_id_length; + tls_info->session_reused = SSL_session_reused(ssl); return tls_info; } diff --git a/src/ssl.h b/src/ssl.h index 61826e37..c9d4ae3b 100644 --- a/src/ssl.h +++ b/src/ssl.h @@ -53,6 +53,7 @@ struct TLSSessionInfo { const char *cipher; const char *protocol; const uint8_t *session_id; + bool session_reused; size_t session_id_length; };
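Review bot: `SSL_session_reused(ssl)` returns an integer, and the added line in `get_tls_session_info` converts it to `bool` implicitly. Writing `tls_info->session_reused = SSL_session_reused(ssl) != 0;` makes the conversion explicit and avoids narrowing warnings on some compilers. The function starts outside the hunk, so it is not visible whether it can be called before the handshake has completed. If it can, the flag may not yet reflect the final resumption state, and a short comment on when the snapshot is taken would help.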
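Review bot: In `struct TLSSessionInfo` (src/ssl.h) the new `bool session_reused;` sits between `session_id` and `session_id_length`, separating the pointer from the length that bounds it and likely adding padding on 64-bit targets. Moving it after `size_t session_id_length;` keeps the pair adjacent. The visible members carry no initializers, so an instance not filled in by `get_tls_session_info` would presumably leave the flag indeterminate when `upstream_accesslog` reads it. A field comment such as `// true if the TLS session was resumed; set by get_tls_session_info()` would record that dependency.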