- Add log message, at verbosity 4, that says the query is encrypted

with TLS, if that is enabled for the query. git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
2026-01-17 20:22:54 -05:00 · 2019-03-18 08:41:39 +00:00 · 2019-03-18 08:41:39 +00:00 · bb5251da66
commit bb5251da66
parent bfd0c5ec85
2 changed files with 8 additions and 0 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,7 @@
+18 March 2019: Wouter
+	- Add log message, at verbosity 4, that says the query is encrypted
+	  with TLS, if that is enabled for the query.
+
 7 March 2019: Wouter
 	- Fix for #4233: guard use of NDEBUG, so that it can be passed in
 	  CFLAGS into configure.
--- a/services/outside_network.c
+++ b/services/outside_network.c
@ -364,6 +364,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 			comm_point_close(pend->c);
 			return 0;
 		}
+		verbose(VERB_ALGO, "the query is using TLS encryption, for %s",
+			(w->tls_auth_name?w->tls_auth_name:"an unauthenticated connection"));
 #ifdef USE_WINSOCK
 		comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
 #endif
@ -404,6 +406,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 			}
 			SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);
 		}
+#else
+		verbose(VERB_ALGO, "the query has an auth_name, but libssl has no call to perform TLS authentication");
 #endif /* HAVE_SSL_SET1_HOST */
 	}
 	w->pkt = NULL;