Thanks Gregory, I will open a feature request. Appreciate your help.

Ramesh

On Tuesday, January 28, 2025 at 12:11:49 PM UTC-8 Gregory Cooke wrote:

> Hello,
>
> Thank you for the extra detail - given that, unfortunately I don't think 
> there's currently a good solution to what you are asking for.
> It would have to be a new feature addition to gRPC - you can open an issue 
> on GitHub for the feature request. The more evidence we have suggesting 
> this is a commonly-needed use case, the more likely the feature is to be 
> implemented.
>
> On Monday, January 27, 2025 at 6:25:05 PM UTC-5 Rameshreddy Mudhireddy 
> wrote:
>
>> Hi Gregory,
>>
>> Thank you for the response. This is for server side. On server side I 
>> would like to log an event/maintain counters when a client authentication 
>> fails and log details like subject, CN, spiffe, etc from the client 
>> certificate that was being rejected.
>>
>> Regarding GRPC_TRACE option, once turned on it will be logging for all 
>> events but not for a particular event like client connection rejection.
>>
>> On Monday, January 27, 2025 at 11:32:10 AM UTC-8 Gregory Cooke wrote:
>>
>>> Hey,
>>>
>>> Can you please give me a little more detail around exactly what you're 
>>> trying to do and looking to log? Are you trying to do it server side or 
>>> client side?
>>>
>>> In the meanwhile, 
>>> https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md has info 
>>> about more verbose logging - it further links to all of the GRPC_TRACE 
>>> values that you can set for more detailed logging as well.
>>>
>>> On Wednesday, January 15, 2025 at 5:56:15 PM UTC-5 Rameshreddy 
>>> Mudhireddy wrote:
>>>
>>>> Hi,
>>>>
>>>> I need to log cert based authentication failures and I don't see any 
>>>> hooks available to interact with the SSL handshake at the point of 
>>>> rejection. I found the following hooks but these seem to be after the 
>>>> handshake itself.
>>>>
>>>> 1. TlsServerCredentialsOptions struct has 
>>>> the set_certificate_verifier() API, which is for custom verifications and gets 
>>>> invoked only after the SSL handshake is completed. 
>>>> 2. grpc::AuthMetadataProcessor::Process() API is also after the 
>>>> handshake itself.
>>>> 3. C++ interceptors are also after the handshake is completed 
>>>> (builder.experimental().SetInterceptorCreators())
>>>>
>>>> This can be done easily in grpc-go by wrapping 
>>>> credentials.TransportCredentials and implementing ServerHandshake() API to 
>>>> capture failures and log them. 
>>>>
>>>> Is this even possible using gRPC-C++ libs? Please advise.
>>>>
>>>
