Add TLS cipher information to log output and received header in node …

…>= 0.8

connection.js

@@ -1031,8 +1031,12 @@ Connection.prototype.received_line = function() {
     // Implement RFC3848
     if (this.using_tls)  smtp = smtp + 'S';
     if (this.authheader) smtp = smtp + 'A';
-    // TODO - populate authheader and sslheader - see qpsmtpd for how to.
-    // sslheader is not possible with TLS support in node yet.
+    // sslheader only populated with node.js >= 0.8
+    if (this.notes.tls && this.notes.tls.cipher) {
+        var sslheader = '(version=' + this.notes.tls.cipher.version + 
+            ' cipher=' + this.notes.tls.cipher.name + 
+            ' verify=' + ((this.notes.tls.authorized) ? 'OK' : 'FAIL') + ')';
+    }
     return [
         'from ',
             // If no rDNS then use an IP literal here
@@ -1043,9 +1047,9 @@ Connection.prototype.received_line = function() {
             'by ', config.get('me'), ' (Haraka/', version, ') with ', smtp, 
             ' id ', this.transaction.uuid, 
         "\n\t",
-            '(envelope-from ', this.transaction.mail_from.format(), ')',
-            // ((this.sslheader) ? ' ' + this.sslheader.replace(/\r?\n\t?$/,'') : ''), 
+            'envelope-from ', this.transaction.mail_from.format(),
             ((this.authheader) ? ' ' + this.authheader.replace(/\r?\n\t?$/, '') : ''),
+            ((sslheader) ? "\n\t" + sslheader.replace(/\r?\n\t?$/,'') : ''),
         ";\n\t", date_to_str(new Date())
     ].join('');
 };

plugins/tls.js

@@ -28,16 +28,19 @@ exports.hook_unrecognized_command = function (next, connection, params) {
         connection.respond(220, "Go ahead.");
         /* Upgrade the connection to TLS. */
         var self = this;
-        connection.client.upgrade(options, function (authorized, verifyError, cert) {
+        connection.client.upgrade(options, function (authorized, verifyError, cert, cipher) {
             connection.reset_transaction();
             connection.hello_host = undefined;
             connection.using_tls = true;
             connection.notes.tls = { 
                 authorized: authorized,
                 authorizationError: verifyError,
                 peerCertificate: cert,
+                cipher: cipher
             };
-            connection.loginfo(self, 'secured: verified=' + authorized +
+            connection.loginfo(self, 'secured:' +
+                ((cipher) ? ' cipher=' + cipher.name + ' version=' + cipher.version : '') + 
+                ' verified=' + authorized +
                 ((verifyError) ? ' error="' + verifyError + '"' : '' ) +
                 ((cert && cert.subject) ? ' cn="' + cert.subject.CN + '"' + 
                 ' organization="' + cert.subject.O + '"' : '') +

tls_socket.js

@@ -186,11 +186,11 @@ function createServer(cb) {
                     cleartext.authorized = true;
                 }
                 var cert = pair.cleartext.getPeerCertificate();
-                // TODO: this is available in 0.8
-                // var cipher = pair.cleartext.getCipher();
-
+                if (pair.cleartext.getCipher) {
+                    var cipher = pair.cleartext.getCipher();
+                }
                 socket.emit('secure');
-                if (cb) cb(cleartext.authorized, verifyError, cert);
+                if (cb) cb(cleartext.authorized, verifyError, cert, cipher);
             });
 
             cleartext._controlReleased = true;