Improve OCSP exception handling

Add stack trace for error logs when they are generated from internal error
dogtagpki · Aug 17, 2023 · 3973db7 · 3973db7
1 parent eca1957
commit 3973db7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/base/ocsp/src/main/java/com/netscape/cms/ocsp/CRLLdapValidator.java b/base/ocsp/src/main/java/com/netscape/cms/ocsp/CRLLdapValidator.java
@@ -78,7 +78,7 @@ public boolean approve(X509Certificate certificate, ValidityStatus currentStatus
                         pt = tPt;
                     }
                 } catch (IOException e) {
-                    logger.error("CRLLdapValidator: problem extracting key from SKI/AKI");
+                    logger.error("CRLLdapValidator: problem extracting key from SKI/AKI: " + e.getMessage(), e);
                 }
             }
         } catch (EBaseException | CertificateException e) {

diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java
@@ -100,6 +100,7 @@ protected void initSequence() throws Exception {
 
         initDebug();
         initAuditor();
+        initDBSubsystem();
         init();
         initPasswordStore();
         initSubsystemListeners();
@@ -114,7 +115,6 @@ protected void initSequence() throws Exception {
         initDatabase();
 
         initJssSubsystem();
-        initDBSubsystem();
         initUGSubsystem();
         initOIDLoaderSubsystem();
         initX500NameSubsystem();
@@ -192,7 +192,7 @@ private boolean crlCertValid(LDAPStore crlStore, X509Certificate certificate, Va
                         pt = tPt;
                     }
                 } catch (IOException e) {
-                    logger.error("OCSPEngine: problem extracting key from SKI/AKI");
+                    logger.error("OCSPEngine: problem extracting key from SKI/AKI: " + e.getMessage(), e);
                 }
             }
         } catch (EBaseException | CertificateException e) {
@@ -211,7 +211,7 @@ private boolean crlCertValid(LDAPStore crlStore, X509Certificate certificate, Va
                 return true;
             }
         } catch (Exception e) {
-            logger.error("OCSPEngine: crl check error. " + e.getMessage());
+            logger.error("OCSPEngine: crl check error. " + e.getMessage(), e);
         }
         logger.info("OCSPEngine: peer certificate not valid");
         return false;