mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Improve providers handling of tls client certs

* Change logging logic to print out the Issuer when a certificate
   was presented.
Bernhard Reiter 2022-03-31 12:00:13 +02:00
parent b99322708e
commit 21eb768a05
No known key found for this signature in database
GPG key ID: 2B7BA3BF9BC3A554


@ -82,7 +82,13 @@ func (c *controller) auth(
verify := os.Getenv("SSL_CLIENT_VERIFY")
log.Printf("SSL_CLIENT_VERIFY: %s\n", verify)
log.Printf("ca: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
if verify == "SUCCESS" || strings.HasPrefix(verify, "FAILED") {
// potentially we want to see the Issuer when there is a problem
// but it is not clear if we get this far in case of "FAILED".
// docs (accessed 2022-03-31 when 1.20.2 was current stable):
// https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_verify
log.Printf("SSL_CLIENT_I_DN: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
}
switch {
case verify == "SUCCESS" && (c.cfg.Issuer == nil || *c.cfg.Issuer == os.Getenv("SSL_CLIENT_I_DN")):