opened a Feature Request https://github.com/grpc/grpc/issues/38665
Regards Ramesh On Friday, January 31, 2025 at 8:21:37 AM UTC-8 Rameshreddy Mudhireddy wrote: > Thanks Gregory, I will open a feature request. Appreciate your help. > > Ramesh > > On Tuesday, January 28, 2025 at 12:11:49 PM UTC-8 Gregory Cooke wrote: > >> Hello, >> >> Thank you for the extra detail - given that, unfortunately I don't think >> there's currently a good solution to what you are asking for. >> It would have to be a new feature addition to gRPC - you can open an >> issue on github for the feature request. The more evidence we have >> suggesting this is a commonly-needed use case, the more likely the feature >> is to be implemented. >> >> On Monday, January 27, 2025 at 6:25:05 PM UTC-5 Rameshreddy Mudhireddy >> wrote: >> >>> hi Gregory, >>> >>> Thank you for the response. This is for server side. On server side I >>> would like log an event/maintain counters when a client authentication >>> fails and log details like subject, CN, spiffe, etc from the client >>> certificate that was being rejected. >>> >>> Regarding GRPC_TRACE option, once turned on it will be logging for all >>> events but not for a particular event like client connection rejection. >>> >>> On Monday, January 27, 2025 at 11:32:10 AM UTC-8 Gregory Cooke wrote: >>> >>>> Hey, >>>> >>>> Can you please give me a little more detail around exactly what you're >>>> trying to do and looking to log? Are you trying to do it server side or >>>> client side? >>>> >>>> In the meanwhile, >>>> https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md has info >>>> about more verbose logging - it further links to all of the GRPC_TRACE >>>> values that you can set for more detailed logging as well. >>>> >>>> On Wednesday, January 15, 2025 at 5:56:15 PM UTC-5 Rameshreddy >>>> Mudhireddy wrote: >>>> >>>>> Hi, >>>>> >>>>> I need to log cert based authentication failures and I don't see any >>>>> hooks available to interact with the SSL handshake at the point of >>>>> rejection. I found the following hooks but these seems to be after the >>>>> handshake itself. >>>>> >>>>> 1. TlsServerCredentialsOptions struct has >>>>> the set_certificate_verifier() API which is for custom verifications, >>>>> gets >>>>> invoked only after the SSL handshake is completed. >>>>> 2. grpc::AuthMetadataProcessor::Process() API is also after the >>>>> handshake itself. >>>>> 3. C++ interceptors are also after the handshake is completed >>>>> (builder.experimental().SetInterceptorCreators()) >>>>> >>>>> This can be done easily in grpc-go by wrapping >>>>> credentials.TransportCredentials and implementing ServerHandshake() API >>>>> to >>>>> capture failures and logging them. >>>>> >>>>> Is this even possible using gRPC-C++ libs? Please advise. >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/1c1c8509-cd75-4226-a4a7-9d4b867abc0en%40googlegroups.com.
