Date: Sun, 3 May 2020 21:59:40 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r360615 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd Message-ID: <202005032159.043Lxe1L014904@repo.freebsd.org>
Author: rmacklem Date: Sun May 3 21:59:40 2020 New Revision: 360615 URL: https://svnweb.freebsd.org/changeset/base/360615 Log: Fix handling of ktls not enabled in the daemons. Also, fix a case in the client daemon where it did not obey the "-d" option properly. Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Sun May 3 18:46:03 2020 (r360614)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Sun May 3 21:59:40 2020 (r360615)
@@ -579,10 +579,18 @@ rpctls_connect(SSL_CTX *ctx, int s)
 NULL, 0);
 cp2 = X509_NAME_oneline(X509_get_subject_name(cert),
 NULL, 0);
- syslog(LOG_INFO | LOG_DAEMON, "rpctls_connect: client"
- " IP %s issuerName=%s subjectName=%s verify "
- "failed %s\n", hostnam, cp, cp2,
- X509_verify_cert_error_string(ret));
+ if (rpctls_debug_level == 0)
+ syslog(LOG_INFO | LOG_DAEMON,
+ "rpctls_connect: client IP %s "
+ "issuerName=%s subjectName=%s verify "
+ "failed %s\n", hostnam, cp, cp2,
+ X509_verify_cert_error_string(ret));
+ else
+ fprintf(stderr,
+ "rpctls_connect: client IP %s "
+ "issuerName=%s subjectName=%s verify "
+ "failed %s\n", hostnam, cp, cp2,
+ X509_verify_cert_error_string(ret));
 }
 SSL_free(ssl);
 return (NULL);
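Review bot: The strings returned by `X509_NAME_oneline(..., NULL, 0)` are never released on this failure path: in the hunk the if/else that prints `cp` and `cp2` is followed directly by the closing brace, `SSL_free(ssl)` and `return (NULL)`. With a NULL buffer argument OpenSSL allocates the result, so every failed verification leaks two allocations in a long-running daemon, and a peer that keeps presenting a bad certificate can repeat that as often as it connects. Add `OPENSSL_free(cp); OPENSSL_free(cp2);` after the if/else; either call can also return NULL on allocation failure, which the `%s` conversions do not guard against. The assignment to `cp` and the start of the enclosing block are outside the hunk, so whether `cert` itself is freed cannot be judged from here.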
@@ -595,12 +603,14 @@ rpctls_connect(SSL_CTX *ctx, int s)
 ret = BIO_get_ktls_recv(SSL_get_rbio(ssl));
 rpctlscd_verbose_out("rpctls_connect: BIO_get_ktls_recv=%d\n", ret);
 }
-#ifdef notnow
 if (ret == 0) {
+ if (rpctls_debug_level == 0)
+ syslog(LOG_ERR, "ktls not working\n");
+ else
+ fprintf(stderr, "ktls not working\n");
 SSL_free(ssl);
 return (NULL);
 }
-#endif
 return (ssl);
 }
Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun May 3 18:46:03 2020 (r360614)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun May 3 21:59:40 2020 (r360615)
@@ -672,12 +672,17 @@ rpctlssd_verbose_out("%s\n", cp2);
 ret = BIO_get_ktls_recv(SSL_get_rbio(ssl));
 rpctlssd_verbose_out("rpctls_server: BIO_get_ktls_recv=%d\n", ret);
 }
-#ifdef notnow
 if (ret == 0) {
- SSL_free(ssl);
- return (NULL);
+ if (rpctls_debug_level == 0)
+ syslog(LOG_ERR, "ktls not working\n");
+ else
+ fprintf(stderr, "ktls not working\n");
+ /*
+ * The handshake has completed, so all that can be
+ * done is disable the connection.
+ */
+ *flags |= RPCTLS_FLAGS_DISABLED;
 }
-#endif
 return (ssl);
 }
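Review bot: The new `ktls not working` message in rpctls_connect gives an operator little to act on: it names neither the function nor the peer, and the syslog branch passes `LOG_ERR` without the `LOG_DAEMON` facility that the verify-failure message in the same function uses. Because this check now refuses the connection, the log entry is probably the only trace of why the TLS setup was rejected; something like `syslog(LOG_ERR | LOG_DAEMON, "rpctls_connect: ktls not enabled\n");`, with the same text in the `fprintf` branch, would match the existing messages. The identical pair of lines in the rpctlssd.c hunk has the same gap. Whether an earlier `openlog()` already sets the facility is not visible here, and the body of rpctls_connect starts outside the hunk.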
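Review bot: The ktls-failure branch in the rpctlssd.c hunk is only as safe as its callers, because the function still returns a non-NULL `ssl` and signals the problem solely through `*flags |= RPCTLS_FLAGS_DISABLED`, whereas the previously disabled `#ifdef notnow` code returned NULL. The comment should spell out that contract, for example `/* ktls is required: the caller must test RPCTLS_FLAGS_DISABLED, refuse RPC traffic on this socket and still free the returned ssl. */`, so that a later caller does not treat a non-NULL return as a usable TLS session. `flags` is dereferenced without a check and `|=` relies on the caller having initialised it; both are set up outside the hunk, as is the start of the function.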