Improve messages logging

src/tcp_relay_server/relay_ws.rs

@@ -196,11 +196,16 @@ pub async fn relay_ws(
         tcp_write,
         hb: Instant::now(),
     };
+
     let resp = ws::start(relay, &req, stream);
     log::info!(
-        "Opening new WS connection for {:?} to {}",
+        "Opening new WS connection:\
+         * for {:?}\
+         * to {}\
+         * token {:?}",
         req.peer_addr(),
-        upstream_addr
+        upstream_addr,
+        query.token
     );
     resp
 }

src/tcp_relay_server/tls_cert_client_verifier.rs

@@ -1,9 +1,9 @@
 use std::sync::Arc;
 use std::time::SystemTime;
 
+use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
 use rustls::internal::msgs::enums::AlertDescription;
 use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
-use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
 use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
 
 use crate::base::cert_utils::parse_pem_certificates;
@@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
         intermediates: &[Certificate],
         now: SystemTime,
     ) -> Result<ClientCertVerified, Error> {
+        let (_rem, cert) =
+            X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
+
         // Check the certificates sent by the client has been revoked
         if let Some(crl) = &self.crl {
             let (_rem, crl) =
                 CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");
 
-            let (_rem, cert) =
-                X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
-
             for revoked in crl.iter_revoked_certificates() {
                 if revoked.user_certificate == cert.serial {
                     log::error!(
@@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
             }
         }
 
-        self.upstream_cert_verifier
-            .verify_client_cert(end_entity, intermediates, now)
+        let result = self
+            .upstream_cert_verifier
+            .verify_client_cert(end_entity, intermediates, now);
+
+        match result.as_ref() {
+            Err(e) => log::error!(
+                "FAILED authentication attempt from Serial={} / Subject={} : {}",
+                cert.serial,
+                cert.subject,
+                e
+            ),
+            Ok(_) => log::info!(
+                "SUCCESSFUL authentication attempt from Serial={} / Subject={}",
+                cert.serial,
+                cert.subject
+            ),
+        }
+
+        result
     }
 }