Hi,
I need to log cert-based authentication failures and I don't see any hooks available to interact with the SSL handshake at the point of rejection. I found the following hooks but these seem to be after the handshake itself.
1. The TlsServerCredentialsOptions struct has the set_certificate_verifier() API, which is for custom verifications but gets invoked only after the SSL handshake is completed.
2. grpc::AuthMetadataProcessor::Process() API is also after the handshake itself.
3. C++ interceptors are also after the handshake is completed (builder.experimental().SetInterceptorCreators())
This can be done easily in grpc-go by wrapping credentials.TransportCredentials and implementing the ServerHandshake() API to capture failures and log them.
Is this even possible using gRPC-C++ libs? Please advise.
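
The grpc-go pattern referred to above, as an added sketch that is not part of the original post or of grpc-go itself: a wrapper whose ServerHandshake() delegates to the inner credentials and emits one audit line for each rejected handshake. AuthInfo, handshaker, rejecting and constructedErr are local stand-ins (assumptions) so that it builds with the standard library only; in a real server the embedded type would be credentials.TransportCredentials.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net"
)

// AuthInfo and handshaker are local stand-ins (assumptions) for grpc-go's
// credentials.AuthInfo and the ServerHandshake method of TransportCredentials.
type AuthInfo interface{ AuthType() string }
type handshaker interface {
	ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
}

// loggingCreds embeds the real credentials and reports each rejected handshake.
type loggingCreds struct {
	handshaker
	report func(line string) // sink for the audit line, e.g. log.Print
}

func (c loggingCreds) ServerHandshake(raw net.Conn) (net.Conn, AuthInfo, error) {
	conn, info, err := c.handshaker.ServerHandshake(raw)
	if err != nil {
		c.report(fmt.Sprintf("handshake_rejected peer=%s reason=%s err=%q",
			raw.RemoteAddr(), classify(err), err))
	}
	return conn, info, err // the caller sees the inner result unchanged
}

// classify maps crypto/x509 verification errors to a stable reason field.
func classify(err error) string {
	var ca x509.UnknownAuthorityError
	var inv x509.CertificateInvalidError
	switch {
	case errors.As(err, &ca):
		return "unknown_authority"
	case errors.As(err, &inv):
		return "invalid_certificate"
	}
	return "other"
}

// rejecting is a constructed inner handshaker that always fails with err;
// constructedErr is a constructed sample failure, not captured output.
type rejecting struct{ err error }
func (r rejecting) ServerHandshake(net.Conn) (net.Conn, AuthInfo, error) { return nil, nil, r.err }
var constructedErr error = x509.UnknownAuthorityError{}

func main() {
	raw, _ := net.Pipe()
	loggingCreds{rejecting{constructedErr}, func(l string) { fmt.Println(l) }}.ServerHandshake(raw)
}
```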