hi Gregory, Thank you for the response. This is for server side. On server side I would like log an event/maintain counters when a client authentication fails and log details like subject, CN, spiffe, etc from the client certificate that was being rejected.
Regarding GRPC_TRACE option, once turned on it will be logging for all events but not for a particular event like client connection rejection. On Monday, January 27, 2025 at 11:32:10 AM UTC-8 Gregory Cooke wrote: > Hey, > > Can you please give me a little more detail around exactly what you're > trying to do and looking to log? Are you trying to do it server side or > client side? > > In the meanwhile, > https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md has info > about more verbose logging - it further links to all of the GRPC_TRACE > values that you can set for more detailed logging as well. > > On Wednesday, January 15, 2025 at 5:56:15 PM UTC-5 Rameshreddy Mudhireddy > wrote: > >> Hi, >> >> I need to log cert based authentication failures and I don't see any >> hooks available to interact with the SSL handshake at the point of >> rejection. I found the following hooks but these seems to be after the >> handshake itself. >> >> 1. TlsServerCredentialsOptions struct has the set_certificate_verifier() >> API which is for custom verifications, gets invoked only after the SSL >> handshake is completed. >> 2. grpc::AuthMetadataProcessor::Process() API is also after the handshake >> itself. >> 3. C++ interceptors are also after the handshake is completed >> (builder.experimental().SetInterceptorCreators()) >> >> This can be done easily in grpc-go by wrapping >> credentials.TransportCredentials and implementing ServerHandshake() API to >> capture failures and logging them. >> >> Is this even possible using gRPC-C++ libs? Please advise. >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/f9dae749-9134-4e37-afec-c993d490d002n%40googlegroups.com.
