From 1150293f4ee7bdb8ddb8e0f304cea8f57ebb12ea Mon Sep 17 00:00:00 2001 From: Michal Simon Date: Tue, 8 Oct 2019 12:42:33 +0200 Subject: [PATCH] [XrdCl] Set a message callback for TLS layer for logging purposes. --- src/XrdCl/XrdClConstants.hh | 1 + src/XrdCl/XrdClDefaultEnv.cc | 1 + src/XrdCl/XrdClSocket.cc | 4 ++- src/XrdCl/XrdClTls.cc | 54 ++++++++++++++++++++++++++++++++++-- 4 files changed, 57 insertions(+), 3 deletions(-) diff --git a/src/XrdCl/XrdClConstants.hh b/src/XrdCl/XrdClConstants.hh index caea25aca5c..2ae7561b01d 100644 --- a/src/XrdCl/XrdClConstants.hh +++ b/src/XrdCl/XrdClConstants.hh @@ -39,6 +39,7 @@ namespace XrdCl const uint64_t JobMgrMsg = 0x0000000000000400ULL; const uint64_t PlugInMgrMsg = 0x0000000000000800ULL; const uint64_t ExDbgMsg = 0x0000000000001000ULL; //special type debugging extra-hard problems + const uint64_t TlsMsg = 0x0000000000002000ULL; //---------------------------------------------------------------------------- // Environment settings diff --git a/src/XrdCl/XrdClDefaultEnv.cc b/src/XrdCl/XrdClDefaultEnv.cc index 4c96054ba3f..9c1810dd874 100644 --- a/src/XrdCl/XrdClDefaultEnv.cc +++ b/src/XrdCl/XrdClDefaultEnv.cc @@ -827,6 +827,7 @@ namespace XrdCl log->SetTopicName( JobMgrMsg, "JobMgr" ); log->SetTopicName( PlugInMgrMsg, "PlugInMgr" ); log->SetTopicName( ExDbgMsg, "ExDbgMsg" ); + log->SetTopicName( TlsMsg, "TlsMsg" ); } } diff --git a/src/XrdCl/XrdClSocket.cc b/src/XrdCl/XrdClSocket.cc index e489753b52b..74d808fa68e 100644 --- a/src/XrdCl/XrdClSocket.cc +++ b/src/XrdCl/XrdClSocket.cc @@ -755,7 +755,9 @@ namespace XrdCl } catch( std::exception& ex ) { - return Status( stError, errTlsError ); + // the exception has been thrown when we tried to create + // the TLS context + return Status( stFatal, errTlsError ); } return Status(); diff --git a/src/XrdCl/XrdClTls.cc b/src/XrdCl/XrdClTls.cc index 797051768b8..b2f6c63b7e2 100644 --- a/src/XrdCl/XrdClTls.cc +++ b/src/XrdCl/XrdClTls.cc 
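Review bot: In the XrdClSocket.cc hunk the catch block drops `ex.what()`, so the now-fatal `errTlsError` reaches the caller with no record of why TLS setup failed. Since this commit introduces the `TlsMsg` topic, the handler could log the reason before returning, e.g. `DefaultEnv::GetLog()->Error( TlsMsg, "TLS setup failed: %s", ex.what() );`, assuming the needed headers are already included in that file, and it could catch by `const std::exception&`. The try body starts outside the hunk, so these lines cannot confirm that every exception caught here comes from TLS context creation, as the new comment states. If anything else in that try can throw, `stFatal` may be too strong for it.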
@@ -19,15 +19,58 @@ #include "XrdCl/XrdClTls.hh" #include "XrdCl/XrdClPoller.hh" #include "XrdCl/XrdClSocket.hh" +#include "XrdCl/XrdClDefaultEnv.hh" +#include "XrdCl/XrdClLog.hh" +#include "XrdCl/XrdClConstants.hh" +#include "XrdTls/XrdTls.hh" #include "XrdTls/XrdTlsContext.hh" namespace { + //------------------------------------------------------------------------ + // Helper class for setting the message callback for the TLS layer for + // logging purposes + //------------------------------------------------------------------------ + struct SetTlsMsgCB + { + //---------------------------------------------------------------------- + // The message callback + //---------------------------------------------------------------------- + static void MsgCallBack(const char *tid, const char *msg, bool sslmsg) + { + XrdCl::Log *log = XrdCl::DefaultEnv::GetLog(); + if( sslmsg ) + log->Debug( XrdCl::TlsMsg, "[%s] %s", tid, msg ); + else + log->Error( XrdCl::TlsMsg, "[%s] %s", tid, msg ); + } + + inline static void Once() + { + static SetTlsMsgCB instance; + } + + private: + + //-------------------------------------------------------------------- + // Constructor. Sets the callback, there should be only one static + // instance + //-------------------------------------------------------------------- + inline SetTlsMsgCB() + { + XrdTls::SetMsgCB( MsgCallBack ); + } + }; + + //------------------------------------------------------------------------ + // Helper function for setting the CA directory in TLS context + //------------------------------------------------------------------------ static const char* GetCaDir() { - const char *envval = getenv("X509_CERT_DIR"); - static const std::string cadir = envval ? envval : "/etc/grid-security/certificates";; + static const char *envval = getenv("X509_CERT_DIR"); + static const std::string cadir = envval ? envval : + "/etc/grid-security/certificates"; return cadir.c_str(); } } 
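Review bot: `GetCaDir()` accepts whatever `X509_CERT_DIR` holds as the trust-anchor directory, and the `envval ? envval : ...` test lets an empty string through, so a set-but-empty variable replaces the default CA path with `""`. How `XrdTlsContext` treats an empty CA directory is not visible here, so the guard is worth tightening to `envval && *envval ? envval : "/etc/grid-security/certificates"`. A one-time `TlsMsg` log line naming the directory in use would also help. The new `static` on `envval` adds nothing, because `cadir` is already initialised only once. Separately, `MsgCallBack` dereferences the result of `XrdCl::DefaultEnv::GetLog()` unchecked; if that can return null or a torn-down log while the TLS layer still holds the process-wide callback, an `if( !log ) return;` guard is needed.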
@@ -39,6 +82,13 @@ namespace XrdCl //------------------------------------------------------------------------ Tls::Tls( Socket *socket, AsyncSocketHandler *socketHandler ) : pSocket( socket ), pTlsHSRevert( None ), pSocketHandler( socketHandler ) { + //---------------------------------------------------------------------- + // Set the message callback for TLS layer + //---------------------------------------------------------------------- + SetTlsMsgCB::Once(); + //---------------------------------------------------------------------- + // we only need one instance of TLS + //---------------------------------------------------------------------- static XrdTlsContext tlsContext( 0, 0, GetCaDir(), 0, 0 ); //---------------------------------------------------------------------- // If the context is not valid throw an exception! We throw generic