Content-Length: 353736 | pFad | https://github.com/h2o/h2o/pull/1147

EE log session_id by yannick · Pull Request #1147 · h2o/h2o · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

log session_id #1147

Closed
wants to merge 9 commits into from
Closed

log session_id #1147

wants to merge 9 commits into from

Conversation

yannick
Copy link
Contributor

@yannick yannick commented Dec 21, 2016

it should be possible to log the TLS session_id, this PR implements that.

however i'm unsure if its the right way and if the case statement is needed

@yannick yannick closed this Dec 21, 2016
@yannick yannick reopened this Dec 21, 2016
@yannick
Copy link
Contributor Author

yannick commented Dec 21, 2016

trying a rebuild, i don't understand why this aborted.
@kazuho if you could comment on h2o_socket_log_ssl_session_id it would be helpful. i'm pretty sure a few things can be simplified or the socket maybe needs to get taken out via a different path

@yannick yannick mentioned this pull request Dec 30, 2016
Closed
kazuho
kazuho reviewed Jan 5, 2017
View reviewed changes
Copy link
Member

@kazuho kazuho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR. This is a nice addition to H2O, and the code looks mostly good to me.

I've left some comments in-line. Please adjust the code or let me know what you think.

lib/common/socket.c

switch (sock->ssl->handshake.server.async_resumption.state) {
case ASYNC_RESUMPTION_STATE_COMPLETE:
id = SSL_SESSION_get_id(sock->ssl->ssl->session, &id_len);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use SSL_get_session to avoid issues with OpenSSL 1.1.0 (IIRC direct access to members is forbidden in 1.1.x).

Also, I believe that there's a chance for the session pointer to be NULL, and think that doing a NULL check is necessary.

lib/common/socket.c
switch (sock->ssl->handshake.server.async_resumption.state) {
case ASYNC_RESUMPTION_STATE_COMPLETE:
id = SSL_SESSION_get_id(sock->ssl->ssl->session, &id_len);
#define BASE64_LENGTH(len) (((len) + 2) / 3 * 4 + 1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about promoting this macro into a inline function defined in string_.h?

Regarding the name of the inline function, I think it should be named something like h2o_base64_encode_capacity or something that reflect the fact that the returned value is not the exact number of bytes required to store the output. The returned value always takes trailing = and NUL character into account.

lib/common/socket.c
key.len = h2o_base64_encode(key.base, id, id_len, 1);
return key;
default:
return h2o_iovec_init(H2O_STRLIT("INVALID_SESSION_ID"));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should return - in case the session ID does not exist. - is the character used to express the absense of the values in the access log.

yannick added 2 commits January 6, 2017 19:02
@yannick
h2o_base64_encode_capacity function (wip)
0510435 
missing: <<The returned value always takes trailing = and NUL character into account.>>
@yannick
cleanup session id logging
f05e9c7 
- get session via SSL_get1_session
- check for empty session
- use "-" for nil log entry
@yannick
Copy link
Contributor Author

yannick commented Jan 14, 2017

i tried to fix the issues, but i'm unsure about the correct algo for h2o_base64_encode_capacity.

http://stackoverflow.com/questions/1533113/calculate-the-size-to-a-base-64-encoded-message
suggests:
((len * 4) / 3) + (len / 96) + 6

parly and others added 6 commits January 14, 2017 17:12
@parly @yannick
Remove mruby-tempfile dependency
902c21c
@yannick
fix parsing of quality
fa5b6e1 
fixes h2o#1151
@deweerdt @yannick
HTTP/1 to HTTP/2 upgrade path leak
ab14342 
missing cleanup when the connection upgrade fails
@deweerdt @yannick
HTTP/1 -> HTTP/2 upgrade path fd leak
cf56637 
On upgrade error, make sure we're closing the HTTP/1 socket before
giving control to the HTTP/2 error handling.
@kazuho @yannick
add failing test for %{set-cookie}o
b2a1412
@kazuho @yannick
concatenate %{set-cookie}o since Apache does
55279f6
@yannick yannick mentioned this pull request Jan 14, 2017
Merged
@yannick
Copy link
Contributor Author

yannick commented Jan 14, 2017
edited
Loading

moved to #1164 , sorry for the mess

@yannick yannick closed this Jan 14, 2017
@yannick yannick deleted the log-session-id branch March 16, 2017 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kazuho kazuho kazuho left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yannick @kazuho @parly @deweerdt








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/h2o/h2o/pull/1147

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy