From 26e0163cb890ab688943fa8134b523bd6b6eae04 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 27 Jun 2022 10:41:04 +0100
Subject: [PATCH] server: Display kTLS setting in debug output
When using -D nbdkit.tls.session=1 display the kTLS
(kernel-accelerated TLS) setting in the debug output.
Thanks: Daiki Ueno
(cherry picked from commit fd626688845324a4b3c387fa901d96e5d20ea634)
---
configure.ac | 1 +
server/crypto.c | 22 ++++++++++++++++++++++
2 files changed, 23 insertions(+)
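diff --git a/configure.ac b/configure.ac
index d958ff2c..6b446a03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -636,6 +636,7 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[
 gnutls_group_get_name \
 gnutls_session_set_verify_cert \
 gnutls_srp_server_get_username \
+ gnutls_transport_is_ktls_enabled \
 ])
 LIBS="$old_LIBS"
 ])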
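diff --git a/server/crypto.c b/server/crypto.c
index df64e784..51a83b4d 100644
--- a/server/crypto.c
+++ b/server/crypto.c
@@ -53,6 +53,7 @@
 #ifdef HAVE_GNUTLS
 
 #include <gnutls/gnutls.h>
+#include <gnutls/socket.h>
 #include <gnutls/x509.h>
 
 static int crypto_auth;
@@ -531,6 +532,9 @@ debug_session (gnutls_session_t session)
 bool dhe = false, ecdh = false;
 int grp;
 const char *desc, *username, *hint;
+#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED
+ gnutls_transport_ktls_enable_flags_t ktls_enabled;
+#endif
 
 if (nbdkit_debug_tls_session <= 0)
 return;
@@ -538,6 +542,24 @@ debug_session (gnutls_session_t session)
 desc = gnutls_session_get_desc (session);
 if (desc) nbdkit_debug ("TLS session: %s", desc);
 
+#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED
+ ktls_enabled = gnutls_transport_is_ktls_enabled (session);
+ switch (ktls_enabled) {
+ case GNUTLS_KTLS_RECV:
+ nbdkit_debug ("TLS: kTLS enabled for receive only"); break;
+ case GNUTLS_KTLS_SEND:
+ nbdkit_debug ("TLS: kTLS enabled for send only"); break;
+ case GNUTLS_KTLS_DUPLEX:
+ nbdkit_debug ("TLS: kTLS enabled full duplex"); break;
+ default:
+ if ((int) ktls_enabled == 0)
+ nbdkit_debug ("TLS: kTLS disabled");
+ else
+ nbdkit_debug ("TLS: kTLS enabled unknown setting: %d",
+ (int) ktls_enabled);
+ }
+#endif
+
 kx = gnutls_kx_get (session);
 cred = gnutls_auth_get_type (session);
 switch (cred) {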
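Review bot: The `#include <gnutls/socket.h>` added in the first server/crypto.c hunk is unconditional under `HAVE_GNUTLS`, while every use of what it declares is guarded by `HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED`. If the build is still meant to work against a GnuTLS that does not ship that header (which the configure probe for the function suggests), compilation would fail on the include before the feature test can help. Guarding the include the same way avoids that: `#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED`, `#include <gnutls/socket.h>`, `#endif`. In the last hunk, a one-line comment above the `switch` such as `/* 0 = kTLS off; values other than RECV/SEND/DUPLEX are logged numerically */` would tell operators reading the debug log how to interpret the "unknown setting" message. debug_session's body starts and ends outside these hunks.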
--
2.31.1