Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / third_party / tlsdate / refs/heads/stabilize-12871.65.B^! / .
commitd9dd19dc919e17b4350801ca2f1373cbdc282f78[log] [tgz]
authorPavol Marko <pmarko@google.com>Fri Jan 17 23:32:57 2020 +0100
committerCommit Bot <commit-bot@chromium.org>Fri Jan 24 15:27:55 2020 +0000
treede4947efc82975457c30f645e4260a72ee804e59
parent2ca145706583023290e16de03f77de2eba3e4c83 [diff]
tlsdate: Improve logging

Improve tlsdate logging to make it easier to discover errors in
tlsdate.log:
(*) Make sure that die() prints to syslog too.
(*) Log IPv4/IPv6 address that tlsdate is connecting to.
(*) Verbose-log a few more steps.

BUG=chromium:1043315
TEST=will run tlsdate on kevin device with and without network connectivity

Change-Id: I2010fc94e39c0fa6a90a4921d93b6e82f9e35cfd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/2007635
Tested-by: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>

diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index e141785..5821dd9 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c

@@ -176,6 +176,26 @@
   return bio_proxy;
 }
 
+static void
+addr_to_str (const struct sockaddr *addr, char* dest,
+                         socklen_t size)
+{
+  struct sockaddr_in* addr_ipv4 = NULL;
+  struct sockaddr_in6* addr_ipv6 = NULL;
+  memset (dest, '\0', size);
+  if (addr->sa_family == AF_INET) {
+    addr_ipv4 = (struct sockaddr_in*)addr;
+    inet_ntop (AF_INET, &addr_ipv4->sin_addr, dest, size);
+    return;
+  }
+  if (addr->sa_family == AF_INET6) {
+    addr_ipv6 = (struct sockaddr_in6*)addr;
+    inet_ntop (AF_INET6, &addr_ipv6->sin6_addr, dest, size);
+    return;
+  }
+  verb ("V: unknown sa_family %hu\n", addr->sa_family);
+}
+
 /* Connects to |host| on port |port|.
  * Returns the socket file descriptor if successful, otherwise exits with
  * failure.
@@ -189,6 +209,10 @@
       .ai_family = AF_UNSPEC,
       .ai_socktype = SOCK_STREAM,
   };
+  // Use INET6_ADDRSTRLEN for the buffer holding IP addresses as it will always
+  // be longer than INET_ADDRSTRLEN.
+  char addr_str_buf[INET6_ADDRSTRLEN];
+  memset (addr_str_buf, '\0', INET6_ADDRSTRLEN);
 
   err = getaddrinfo (host, port, &hints, &ai);
 
@@ -197,6 +221,8 @@
 
   for (cai = ai; cai; cai = cai->ai_next)
   {
+    addr_to_str (cai->ai_addr, addr_str_buf, INET6_ADDRSTRLEN);
+    verb ("V: attempting to connect to %s\n", addr_str_buf);
     sock = socket (cai->ai_family, SOCK_STREAM, 0);
     if (sock < 0)
     {
@@ -858,8 +884,10 @@
     die ("BIO_new_fp returned error, possibly: %s", strerror (errno));
   // This should run in seccomp
   // eg:     prctl(PR_SET_SECCOMP, 1);
+  verb ("V: BIO_do_connect\n");
   if (1 != BIO_do_connect (s_bio)) // XXX TODO: BIO_should_retry() later?
     die ("SSL connection failed\n");
+  verb ("V: BIO_do_handshake\n");
   if (1 != BIO_do_handshake (s_bio))
     die ("SSL handshake failed\n");
   // Verify the peer certificate against the CA certs on the local system

diff --git a/src/util.c b/src/util.c
index 0486adb..90711c9 100644
--- a/src/util.c
+++ b/src/util.c

@@ -32,6 +32,9 @@
   va_start (ap, fmt);
   vfprintf (stderr, fmt, ap);
   va_end (ap);
+  va_start (ap, fmt);
+  vsyslog (LOG_ERR, fmt, ap);
+  va_end (ap);
   exit (1);
 }