commit - 35579431eb3d6fbdef6bfa6723afcb72cdfd73ee
commit + ddbcd3c13f2159113bb7e9921a1bec13755c5d43
blob - 071ab9e36bd81d6994e183dbdaa1d9225df644de
blob + 75d81b27e0a59ff377536d2d0699b46a8d281dca
--- ge.c
+++ ge.c
@@ -28,6 +28,7 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <vis.h>
 
 #include "log.h"
 
@@ -43,6 +44,7 @@ void
 log_request(struct client *c, int code, const char *meta)
 {
 	char b[GEMINI_URL_LEN];
+	char cntmp[64], cn[64] = "-";
 	char rfc3339[32];
 	const char *t;
 	struct tm *tm;
@@ -80,9 +82,21 @@ log_request(struct client *c, int code, const char *me
 		strlcpy(b, t, sizeof(b));
 	}
 
-	fprintf(stderr, "%s %s - %s %s 0 %d %s\n", rfc3339,
-	    c->rhost, *c->domain == '\0' ? c->iri.host : c->domain,
-	    b, code, meta);
+	if (tls_peer_cert_provided(c->ctx)) {
+		const char *subj;
+		char *n;
+
+		subj = tls_peer_cert_subject(c->ctx);
+		if ((n = strstr(subj, "/CN=")) != NULL) {
+			strlcpy(cntmp, subj + 4, sizeof(cntmp));
+			if ((n = strchr(cntmp, '/')) != NULL)
+				*n = '\0';
+			strnvis(cn, cntmp, sizeof(cn), VIS_WHITE|VIS_DQ);
+		}
+	}
+
+	fprintf(stderr, "%s %s %s %s %s 0 %d %s\n", rfc3339, c->rhost, cn,
+	    *c->domain == '\0' ? c->iri.host : c->domain, b, code, meta);
 }
 
 void
blob - dbd31812f82003ede46a6fac98224031be907baa
blob + d97a6da7ed8eb5016819cce8f1f5e221d4533f6f
--- gmid.c
+++ gmid.c
@@ -29,6 +29,7 @@
 #include <signal.h>
 #include <string.h>
 #include <syslog.h>
+#include <vis.h>
 
 #include "log.h"
 #include "proc.h"
@@ -85,6 +86,7 @@ log_request(struct client *c, int code, const char *me
 {
 	struct conf *conf = c->conf;
 	char tstamp[64], rfc3339[32];
+	char cntmp[64], cn[64] = "-";
 	char b[GEMINI_URL_LEN];
 	char *fmted;
 	const char *t;
@@ -126,6 +128,19 @@ log_request(struct client *c, int code, const char *me
 		strlcpy(b, t, sizeof(b));
 	}
 
+	if (tls_peer_cert_provided(c->ctx)) {
+		const char *subj;
+		char *n;
+
+		subj = tls_peer_cert_subject(c->ctx);
+		if ((n = strstr(subj, "/CN=")) != NULL) {
+			strlcpy(cntmp, subj + 4, sizeof(cntmp));
+			if ((n = strchr(cntmp, '/')) != NULL)
+				*n = '\0';
+			strnvis(cn, cntmp, sizeof(cn), VIS_WHITE|VIS_DQ);
+		}
+	}
+
 	switch (conf->log_format) {
 	case LOG_FORMAT_LEGACY:
 		ec = asprintf(&fmted, "%s:%s GET %s %d %s", c->rhost,
@@ -134,14 +149,11 @@ log_request(struct client *c, int code, const char *me
 
 	case LOG_FORMAT_CONDENSED:
 		/*
-		 * XXX the first '-' is the remote user name, we
-		 * could use the client cert for it.
-		 *
 		 * XXX it should log the size of the request and
 		 * response.
 		 */
-		ec = asprintf(&fmted, "%s %s - %s %s 0 0 %d %s", rfc3339,
-		    c->rhost, *c->domain == '\0' ? c->iri.host : c->domain,
+		ec = asprintf(&fmted, "%s %s %s %s %s 0 0 %d %s", rfc3339,
+		    c->rhost, cn, *c->domain == '\0' ? c->iri.host : c->domain,
 		    b, code, meta);
 		break;
 
@@ -152,14 +164,11 @@ log_request(struct client *c, int code, const char *me
 	 */
 	case LOG_FORMAT_COMMON:
 		/*
-		 * XXX the second '-' is the remote user name, we
-		 * could use the client cert for it.
-		 *
 		 * XXX it should log the size of the response.
 		 */
-		ec = asprintf(&fmted, "%s %s - - %s \"%s\" %d 0",
+		ec = asprintf(&fmted, "%s %s - %s %s \"%s\" %d 0",
 		    *c->domain == '\0' ? c->iri.host : c->domain,
-		    c->rhost, tstamp, b, code);
+		    c->rhost, cn, tstamp, b, code);
 		break;
 
 	/*
@@ -170,13 +179,10 @@ log_request(struct client *c, int code, const char *me
 	case LOG_FORMAT_COMBINED:
 	default:
 		/*
-		 * XXX the second '-' is the remote user name, we
-		 * could use the client cert for it.
-		 *
 		 * XXX it should log the size of the response.
 		 */
-		ec = asprintf(&fmted, "%s - - [%s] \"%s\" %d 0 \"-\" \"\"",
-		    c->rhost, tstamp, b, code);
+		ec = asprintf(&fmted, "%s - %s [%s] \"%s\" %d 0 \"-\" \"\"",
+		    c->rhost, cn, tstamp, b, code);
 		break;
 	}