Add connection cipher info to pathod server log

libpathod/pathod.py

@@ -53,7 +53,7 @@ class PathodHandler(tcp.BaseHandler):
     def handle_sni(self, connection):
         self.sni = connection.get_servername()
 
-    def serve_crafted(self, crafted, request_log):
+    def serve_crafted(self, crafted):
         c = self.server.check_policy(crafted, self.server.request_settings)
         if c:
             err = language.make_error_response(c)
@@ -68,14 +68,9 @@ class PathodHandler(tcp.BaseHandler):
             crafted = crafted.freeze(self.server.request_settings, None)
             self.info(">> Spec: %s"%crafted.spec())
         response_log = language.serve(crafted, self.wfile, self.server.request_settings, None)
-        log = dict(
-                type = "crafted",
-                request=request_log,
-                response=response_log
-            )
         if response_log["disconnect"]:
-            return False, log
+            return False, response_log
-        return True, log
+        return True, response_log
 
     def handle_request(self):
         """
@@ -141,15 +136,21 @@ class PathodHandler(tcp.BaseHandler):
                 keyinfo = self.clientcert.keyinfo,
             )
 
-        request_log = dict(
+        retlog = dict(
+            type = "crafted",
+            request = dict(
                 path = path,
                 method = method,
                 headers = headers.lst,
                 httpversion = httpversion,
                 sni = self.sni,
                 remote_address = self.address(),
-            clientcert = clientcert
+                clientcert = clientcert,
+            ),
+            cipher = None,
         )
+        if self.ssl_established:
+            retlog["cipher"] = self.get_current_cipher()
 
         try:
             content = http.read_http_body(
@@ -164,7 +165,8 @@ class PathodHandler(tcp.BaseHandler):
             if i[0].match(path):
                 self.info("crafting anchor: %s"%path)
                 aresp = language.parse_response(self.server.request_settings, i[1])
-                return self.serve_crafted(aresp, request_log)
+                again, retlog["response"] = self.serve_crafted(aresp)
+                return again, retlog
 
         if not self.server.nocraft and path.startswith(self.server.craftanchor):
             spec = urllib.unquote(path)[len(self.server.craftanchor):]
@@ -177,7 +179,8 @@ class PathodHandler(tcp.BaseHandler):
                         "Parse Error",
                         "Error parsing response spec: %s\n"%v.msg + v.marked()
                     )
-            return self.serve_crafted(crafted, request_log)
+            again, retlog["response"] = self.serve_crafted(crafted)
+            return again, retlog
         elif self.server.noweb:
             crafted = language.make_error_response("Access Denied")
             language.serve(crafted, self.wfile, self.server.request_settings)

test/test_pathod.py

@@ -94,7 +94,7 @@ class TestNohang(tutils.DaemonTests):
         r = self.get("200:p0,0")
         assert r.status_code == 800
         l = self.d.last_log()
-        assert "Pauses have been disabled" in l["msg"]
+        assert "Pauses have been disabled" in l["response"]["msg"]
 
 
 class TestHexdump(tutils.DaemonTests):
@@ -113,7 +113,7 @@ class CommonTests(tutils.DaemonTests):
         r = self.get("200:b@1g")
         assert r.status_code == 800
         l = self.d.last_log()
-        assert "too large" in l["msg"]
+        assert "too large" in l["response"]["msg"]
 
     def test_preline(self):
         r = self.pathoc(r"get:'/p/200':i0,'\r\n'")
@@ -219,3 +219,10 @@ class TestDaemonSSL(CommonTests):
         assert l["type"] == "error"
         assert "SSL" in l["msg"]
 
+    def test_ssl_cipher(self):
+        r = self.pathoc(r"get:/p/202")
+        assert r.status_code == 202
+        assert self.d.last_log()["cipher"][1] > 0
+
+
+