Merge pull request #1726 from pbiering/extend-https-info

Extend https info in log
2025-04-03 21:27:36 +03:00 · 2025-03-08 17:04:43 +01:00 · 2025-03-08 17:04:43 +01:00 · 30664f9346
commit 30664f9346
parent ebe0418a4c 36aba7a8b9
3 changed files with 12 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@
 * Review: Apache reverse proxy config example
 * Add: on-the-fly link activation and default content adjustment in case of bundled InfCloud (tested with 0.13.1)
 * Adjust: [auth] imap: use AUTHENTICATE PLAIN instead of LOGIN towards remote IMAP server
+* Improve: log client IP on SSL error and SSL protocol+cipher if successful

 ## 3.4.1
 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port
--- a/radicale/app/init.py
+++ b/radicale/app/init.py
@ -150,6 +150,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
        time_begin = datetime.datetime.now()
        request_method = environ["REQUEST_METHOD"].upper()
        unsafe_path = environ.get("PATH_INFO", "")
+        https = environ.get("HTTPS", "")

        """Manage a request."""
        def response(status: int, headers: types.WSGIResponseHeaders,
@ -210,9 +211,13 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
        depthinfo = ""
        if environ.get("HTTP_DEPTH"):
            depthinfo = " with depth %r" % environ["HTTP_DEPTH"]
-        logger.info("%s request for %r%s received from %s%s",
+        if https:
+            https_info = " " + environ.get("SSL_PROTOCOL", "") + " " + environ.get("SSL_CIPHER", "")
+        else:
+            https_info = ""
+        logger.info("%s request for %r%s received from %s%s%s",
                    request_method, unsafe_path, depthinfo,
-                    remote_host, remote_useragent)
+                    remote_host, remote_useragent, https_info)
        if self._request_header_on_debug:
            logger.debug("Request header:\n%s",
                         pprint.pformat(self._scrub_headers(environ)))
--- a/radicale/server.py
+++ b/radicale/server.py
@ -3,7 +3,7 @@
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
 # Copyright © 2017-2023 Unrud <unrud@outlook.com>
-# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
+# Copyright © 2024-2025 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -262,6 +262,9 @@ class RequestHandler(wsgiref.simple_server.WSGIRequestHandler):
    def get_environ(self) -> Dict[str, Any]:
        env = super().get_environ()
        if isinstance(self.connection, ssl.SSLSocket):
+            env["HTTPS"] = "on"
+            env["SSL_CIPHER"] = self.request.cipher()[0]
+            env["SSL_PROTOCOL"] = self.request.version()
            # The certificate can be evaluated by the auth module
            env["REMOTE_CERTIFICATE"] = self.connection.getpeercert()
        # Parent class only tries latin1 encoding