-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: include X509 error string when verify result is not x509_V_OK. #9527
Merged
+4
−2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
niedbalski
changed the title
tls: improve cert load and error logging for handshake.
tls: add detailed windows store and x509 verification error logs.
Oct 25, 2024
niedbalski
requested review from
edsiper,
leonardo-albertovich,
fujimotos and
koleini
as code owners
October 25, 2024 12:24
4 tasks
edsiper
requested changes
Oct 25, 2024
cosmo0920
requested changes
Oct 28, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found other code style issues. Basically, the added diffs are properly handled for errors. But, we need to /* ... */
style of one line comments.
niedbalski
force-pushed
the
calyptia-tls-debug
branch
from
October 28, 2024 10:24
ee5aa24
to
079a862
Compare
@edsiper @cosmo0920 fixed the issues, will provide some unit tests to ensure this is not breaking. |
niedbalski
force-pushed
the
calyptia-tls-debug
branch
from
October 28, 2024 21:40
079a862
to
9a34aad
Compare
niedbalski
changed the title
tls: add detailed windows store and x509 verification error logs.
tls: include X509 error string when verify result is not x509_V_OK.
Oct 28, 2024
niedbalski
force-pushed
the
calyptia-tls-debug
branch
from
October 28, 2024 21:46
35071d7
to
0a76e1a
Compare
Add the X509_verify_cert_error_string to the log message when SSL verification result != X509_V_OK. Signed-off-by: Jorge Niedbalski <[email protected]>
niedbalski
force-pushed
the
calyptia-tls-debug
branch
from
October 28, 2024 21:47
0a76e1a
to
a0d7192
Compare
cosmo0920
approved these changes
Oct 29, 2024
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Users with expired CA never got to understand the root cause by reading the log message, although this information is available on the x509 error details. (https://x509errors.org/)
This patch adds the X509_verify_cert_error_string to the log message when SSL verification result != X509_V_OK.
With this patch applied, the following information is returned
Testing
Configuration I have used.
Documentation
N/A
Backporting
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.