From 3eda0e581b2647e07d1e64e18f565c5cd22aac93 Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Sun, 16 Jul 2017 01:25:49 +0200 Subject: [PATCH] chg: More refined logging --- ngx_ssl_ct_module.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ngx_ssl_ct_module.c b/ngx_ssl_ct_module.c index 5d86df5..ed9c3e3 100644 --- a/ngx_ssl_ct_module.c +++ b/ngx_ssl_ct_module.c @@ -130,12 +130,21 @@ char *ngx_ssl_ct_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child, if (sct_list->len == 0) { ngx_pfree(cf->pool, sct_list); + ngx_log_error(NGX_LOG_DEBUG, cf->log, 0, + "No SCTs to attach for this certificate"); goto next; } #ifndef OPENSSL_IS_BORINGSSL /* associate the sct_list with the cert */ X509_set_ex_data(cert, ngx_ssl_ct_sct_list_index, sct_list); + + unsigned long ossl_error; + while((ossl_error = ERR_get_error())) { + char* ossl_errstr = ERR_error_string(ossl_error, NULL); + ngx_log_error(NGX_LOG_DEBUG, cf->log, 0, + "OpenSSL: %s", ossl_errstr); + } #else if (SSL_CTX_set_signed_cert_timestamp_list(ssl_ctx, sct_list->buf, sct_list->len) == 0) { @@ -350,7 +359,7 @@ static ngx_str_t *ngx_ssl_ct_read_static_sct(ngx_conf_t *cf, ngx_ssl_ct_ext *ngx_ssl_ct_read_static_scts(ngx_conf_t *cf, ngx_ssl_ct_srv_conf_t *ctconf, X509 *cert) { char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - ngx_log_error(NGX_LOG_WARN, cf->log, 0, + ngx_log_error(NGX_LOG_INFO, cf->log, 0, "Looking up certificates for: %s", subj); /* allocate sct_list structure */ @@ -576,7 +585,7 @@ ngx_ssl_ct_ext *ngx_ssl_ct_read_static_scts(ngx_conf_t *cf, ngx_ssl_ct_srv_conf_ sct_list->buf[1] = sct_list_len; } else { ngx_log_error(NGX_LOG_WARN, cf->log, 0, - "No suiteable SCT found in configured directories"); + "No suiteable SCT found in configured directories for %s", subj); sct_list->len = 0; }