Merge pull request #96 from csaf-poc/dev-improve-client-certs

Improve log output when using client certificates with provider
2025-12-22 11:55:40 +01:00 · 2022-04-13 14:15:30 +02:00 · 2022-04-13 14:15:30 +02:00 · de9c2b9663
commit de9c2b9663
parent f04473874a 96f4d57b76
1 changed files with 7 additions and 1 deletions
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@ -82,7 +82,13 @@ func (c *controller) auth(
 		verify := os.Getenv("SSL_CLIENT_VERIFY")
 		log.Printf("SSL_CLIENT_VERIFY: %s\n", verify)
-		log.Printf("ca: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
+		if verify == "SUCCESS" || strings.HasPrefix(verify, "FAILED") {
 			// potentially we want to see the Issuer when there is a problem
 			// but it is not clear if we get this far in case of "FAILED".
 			// docs (accessed 2022-03-31 when 1.20.2 was current stable):
 			// https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_verify
 			log.Printf("SSL_CLIENT_I_DN: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
 		}
 		switch {
 		case verify == "SUCCESS" && (c.cfg.Issuer == nil || *c.cfg.Issuer == os.Getenv("SSL_CLIENT_I_DN")):