SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Merge pull request #96 from csaf-poc/dev-improve-client-certs

Browse source 
Improve log output when using client certificates with provider
This commit is contained in:
Fadi Abbud 2022-04-13 14:15:30 +02:00 committed by GitHub
commit de9c2b9663
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cmd/csaf_provider/controller.go
View file

@ -82,7 +82,13 @@ func (c *controller) auth(
verify := os.Getenv("SSL_CLIENT_VERIFY")
log.Printf("SSL_CLIENT_VERIFY: %s\n", verify)
log.Printf("ca: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
if verify == "SUCCESS" || strings.HasPrefix(verify, "FAILED") {
// potentially we want to see the Issuer when there is a problem
// but it is not clear if we get this far in case of "FAILED".
// docs (accessed 2022-03-31 when 1.20.2 was current stable):
// https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_verify
log.Printf("SSL_CLIENT_I_DN: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
}
switch {
case verify == "SUCCESS" && (c.cfg.Issuer == nil || *c.cfg.Issuer == os.Getenv("SSL_CLIENT_I_DN")):