Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add serial and issuer to SSL logs and audits #4752

Merged
merged 1 commit into from
May 29, 2024
Merged

Add serial and issuer to SSL logs and audits #4752

merged 1 commit into from
May 29, 2024

Conversation

fmarco76
Copy link
Member

When acting as server SSL logs where reporting in log and audit only the certificate subject. Since a client could use a certificate from other CAs to access, the issuer and the serial number of the certificate are included in the audit for a better identification.

To work properly in all condition this requires also dogtagpki/jss#1008

@fmarco76 fmarco76 added the WIP Work In Progress label May 22, 2024
@fmarco76 fmarco76 force-pushed the SubjectListener branch 2 times, most recently from 629610a to 04b2176 Compare May 22, 2024 16:43
@fmarco76 fmarco76 removed the WIP Work In Progress label May 22, 2024
@fmarco76 fmarco76 requested a review from ladycfu May 22, 2024 16:44
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
21.8% Duplication on New Code

See analysis details on SonarCloud

ladycfu
ladycfu reviewed May 22, 2024
View reviewed changes
Copy link
Contributor

@ladycfu ladycfu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not critical or anything, but if CertID is always the peer cert serial#, perhaps it'd be less confusing to call it something like "CertSerialNum" or "PeerCertSerialNum"? Also it might be better to call issuerID issuerDN.

@ladycfu
Copy link
Contributor

ladycfu commented May 22, 2024

I should add that other than the name change suggestions, LGTM if tested to work on both failure and success connection cases.

@fmarco76
Add serial and issuer to SSL logs and audits
613b38e 
When creating an SSL connection, logs and audits  where reporting only the
certificate subject. Since the certificate could be issued from other CAs
it could be difficult to identify.
This commit adds the issuer and the serial number of the certificate
in both the audit and log messages for a better identification.
@fmarco76
Copy link
Member Author

@ladycfu Thanks!

@fmarco76 fmarco76 merged commit e17a256 into dogtagpki:master May 29, 2024
137 of 145 checks passed
@fmarco76 fmarco76 deleted the SubjectListener branch May 29, 2024 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ladycfu ladycfu ladycfu left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fmarco76 @ladycfu