nghttpx: Add $tls_client_serial log variable

Tatsuhiro Tsujikawa 2017-11-16 21:40:33 +09:00
parent 4720c5cb3d
commit eca0a3025b
5 changed files with 32 additions and 0 deletions


@ -195,6 +195,7 @@ LOGVARS = [
"tls_client_fingerprint_sha1", "tls_client_fingerprint_sha1",
"tls_client_subject_name", "tls_client_subject_name",
"tls_client_issuer_name", "tls_client_issuer_name",
"tls_client_serial",
"backend_host", "backend_host",
"backend_port", "backend_port",
] ]


@ -2502,6 +2502,8 @@ Logging:
certificate. certificate.
* $tls_client_issuer_name: issuer name in client * $tls_client_issuer_name: issuer name in client
certificate. certificate.
* $tls_client_serial: serial number in client
certificate.
* $tls_protocol: protocol for SSL/TLS connection. * $tls_protocol: protocol for SSL/TLS connection.
* $tls_session_id: session ID for SSL/TLS connection. * $tls_session_id: session ID for SSL/TLS connection.
* $tls_session_reused: "r" if SSL/TLS session was * $tls_session_reused: "r" if SSL/TLS session was


@ -498,6 +498,15 @@ LogFragmentType log_var_lookup_token(const char *name, size_t namelen) {
break; break;
} }
break; break;
case 17:
switch (name[16]) {
case 'l':
if (util::strieq_l("tls_client_seria", name, 16)) {
return SHRPX_LOGF_TLS_CLIENT_SERIAL;
}
break;
}
break;
case 18: case 18:
switch (name[17]) { switch (name[17]) {
case 'd': case 'd':


@ -579,6 +579,25 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
std::tie(p, last) = copy(name, p, last); std::tie(p, last) = copy(name, p, last);
break; break;
} }
case SHRPX_LOGF_TLS_CLIENT_SERIAL: {
if (!lgsp.ssl) {
std::tie(p, last) = copy('-', p, last);
break;
}
auto x = SSL_get_peer_certificate(lgsp.ssl);
if (!x) {
std::tie(p, last) = copy('-', p, last);
break;
}
auto sn = tls::get_x509_serial(balloc, x);
X509_free(x);
if (sn.empty()) {
std::tie(p, last) = copy('-', p, last);
break;
}
std::tie(p, last) = copy(sn, p, last);
break;
}
case SHRPX_LOGF_BACKEND_HOST: case SHRPX_LOGF_BACKEND_HOST:
if (!downstream_addr) { if (!downstream_addr) {
std::tie(p, last) = copy('-', p, last); std::tie(p, last) = copy('-', p, last);
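Review bot: In the new `SHRPX_LOGF_TLS_CLIENT_SERIAL` case the serial is written to the access log on its own, but an X.509 serial number is unique only within one issuer, and `SSL_get_peer_certificate()` returns whatever certificate the peer presented, independent of the verification result. Nothing in this hunk shows whether verification is enforced before the value is logged, so I would add a comment such as `// Serial is unique per issuer only and comes from the peer's certificate; correlate with $tls_client_issuer_name or a fingerprint.` and repeat that caveat in the `$tls_client_serial` help text. As a style point, holding `x` in a `std::unique_ptr<X509, decltype(&X509_free)>` would tie the release to scope instead of relying on the manual `X509_free(x)` placed between the call and the empty check. The body of `upstream_accesslog` starts and ends outside this hunk.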


@ -141,6 +141,7 @@ enum LogFragmentType {
SHRPX_LOGF_TLS_CLIENT_FINGERPRINT_SHA1, SHRPX_LOGF_TLS_CLIENT_FINGERPRINT_SHA1,
SHRPX_LOGF_TLS_CLIENT_FINGERPRINT_SHA256, SHRPX_LOGF_TLS_CLIENT_FINGERPRINT_SHA256,
SHRPX_LOGF_TLS_CLIENT_ISSUER_NAME, SHRPX_LOGF_TLS_CLIENT_ISSUER_NAME,
SHRPX_LOGF_TLS_CLIENT_SERIAL,
SHRPX_LOGF_TLS_CLIENT_SUBJECT_NAME, SHRPX_LOGF_TLS_CLIENT_SUBJECT_NAME,
SHRPX_LOGF_BACKEND_HOST, SHRPX_LOGF_BACKEND_HOST,
SHRPX_LOGF_BACKEND_PORT, SHRPX_LOGF_BACKEND_PORT,