Hello,

Thank you for the extra detail - given that, unfortunately I don't think there's currently a good solution to what you are asking for. It would have to be a new feature addition to gRPC - you can open an issue on GitHub for the feature request. The more evidence we have suggesting this is a commonly-needed use case, the more likely the feature is to be implemented.

On Monday, January 27, 2025 at 6:25:05 PM UTC-5 Rameshreddy Mudhireddy wrote:

> Hi Gregory,
>
> Thank you for the response. This is for server side. On server side I would like to log an event/maintain counters when a client authentication fails and log details like subject, CN, spiffe, etc from the client certificate that was being rejected.
>
> Regarding GRPC_TRACE option, once turned on it will be logging for all events but not for a particular event like client connection rejection.
>
> On Monday, January 27, 2025 at 11:32:10 AM UTC-8 Gregory Cooke wrote:
>
>> Hey,
>>
>> Can you please give me a little more detail around exactly what you're trying to do and looking to log? Are you trying to do it server side or client side?
>>
>> In the meanwhile, https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md has info about more verbose logging - it further links to all of the GRPC_TRACE values that you can set for more detailed logging as well.
>>
>> On Wednesday, January 15, 2025 at 5:56:15 PM UTC-5 Rameshreddy Mudhireddy wrote:
>>
>>> Hi,
>>>
>>> I need to log cert based authentication failures and I don't see any hooks available to interact with the SSL handshake at the point of rejection. I found the following hooks but these seem to be after the handshake itself.
>>>
>>> 1. TlsServerCredentialsOptions struct has the set_certificate_verifier() API which is for custom verifications, gets invoked only after the SSL handshake is completed.
>>> 2. grpc::AuthMetadataProcessor::Process() API is also after the handshake itself.
>>> 3. C++ interceptors are also after the handshake is completed (builder.experimental().SetInterceptorCreators())
>>>
>>> This can be done easily in grpc-go by wrapping credentials.TransportCredentials and implementing ServerHandshake() API to capture failures and logging them.
>>>
>>> Is this even possible using gRPC-C++ libs? Please advise.
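
The grpc-go approach mentioned in the thread (wrap the transport credentials and observe `ServerHandshake()` failures), shown as an added example that is not from any poster or from the gRPC project. It uses only the Go standard library: `LoggingCreds`, `RejectedIdentity` and `rejectUntrusted` are hypothetical names, the `Inner` function stands in for the wrapped `credentials.TransportCredentials`, and it assumes the inner handshake returns the crypto/tls error (Go 1.20+) either directly or wrapped with `%w`.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"log"
	"net"
	"net/url"
	"sync/atomic"
)

// LoggingCreds (hypothetical): Inner stands in (assumption) for grpc-go's ServerHandshake.
type LoggingCreds struct {
	Inner    func(net.Conn) (net.Conn, any, error)
	Failures atomic.Int64
}

func (l *LoggingCreds) ServerHandshake(raw net.Conn) (net.Conn, any, error) {
	conn, info, err := l.Inner(raw)
	if err != nil {
		cn, uris := RejectedIdentity(err)
		log.Printf("mTLS reject #%d cn=%q uri_sans=%q: %v", l.Failures.Add(1), cn, uris, err)
	}
	return conn, info, err
}

// RejectedIdentity reads CN and URI SANs (SPIFFE IDs) from a crypto/tls (Go 1.20+) error.
func RejectedIdentity(err error) (cn string, uris []string) {
	var cve *tls.CertificateVerificationError
	if errors.As(err, &cve) && len(cve.UnverifiedCertificates) > 0 {
		cn = cve.UnverifiedCertificates[0].Subject.CommonName
		for _, u := range cve.UnverifiedCertificates[0].URIs {
			uris = append(uris, u.String())
		}
	}
	return cn, uris
}

// rejectUntrusted is constructed sample input: it fails like an untrusted client cert.
func rejectUntrusted(net.Conn) (net.Conn, any, error) {
	leaf := &x509.Certificate{URIs: []*url.URL{{Scheme: "spiffe", Host: "example.org", Path: "/client-a"}}}
	leaf.Subject.CommonName = "client-a"
	return nil, nil, &tls.CertificateVerificationError{
		UnverifiedCertificates: []*x509.Certificate{leaf}, Err: x509.UnknownAuthorityError{}}
}

func main() {
	(&LoggingCreds{Inner: rejectUntrusted}).ServerHandshake(nil) // logs one rejection
}
```

Handshake failures that are not certificate verification errors (for example a client that presents no certificate or drops the connection) are still counted, but carry no certificate to describe.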