[stunnel-users] Server side logging, no connection details logged
Bucci, David G
david.g.bucci at lmco.com
Wed Sep 22 18:25:11 CEST 2010
More details, and checking the source code ... messages are being output during engine setup and such (all the msgs that should be logged during verification_init() in verify.c), but none of the messages from verify_callback().
We have verify = 2, debug = 7, and CAfile set (and during startup we see a msg that the CAfile is successfully read. The verification is in fact working correctly - when we pass in a self-signed cert, the connection is denied (and we see a "certificate bad" message in the client's log), but when we pass in a valid cert, it's accepted. In neither case do we see any msgs in the server's log.
The exact msgs we want are there in verify.c/verify_callback() -- the subject name listed for rejected and accepted certs, it looks like LOG_INFO should be enough, but we're simply not seeing any msgs.
From: stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] On Behalf Of Bucci, David G
Sent: Tuesday, September 21, 2010 11:26 AM
To: stunnel-users at mirt.net
Subject: [stunnel-users] Server side logging, no connection details logged
Hi - using Stunnel to enforce client certificate based authentication, and as part of that, we want to log accesses, and the CN used to access, on the server side (kind of an audit log).
On the client side, with debug set to 7, we get details about the connection, the SSL steps in the handshake, etc. - but on the server side, even with debug = 7, we're not seeing any info at all about the connections that are occurring.
Sooo ... is there a way to enable such logging on the server side of the tunnel? Or possibly turn on independent logging in the OpenSSL libs that are used? I looked, but haven't found anything online about this.
David G. Bucci
If you can't say anything nice, at least have the decency to be vague.
stunnel-users mailing list
stunnel-users at mirt.net
More information about the stunnel-users