|
 |
2e9388 |
From c54278c3c90bb5999e1b7c2ed745f6f2b2a83d19 Mon Sep 17 00:00:00 2001
|
|
|
2e9388 |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
2e9388 |
Date: Fri, 20 Nov 2015 15:39:00 +1100
|
|
|
2e9388 |
Subject: [PATCH] TLS and Dogtag HTTPS request logging improvements
|
|
|
2e9388 |
|
|
|
2e9388 |
Pretty printing the TLS peer certificate to logs on every request
|
|
|
2e9388 |
introduces a lot of noise; do not log it (subject name, key usage
|
|
|
2e9388 |
and validity are still logged).
|
|
|
2e9388 |
|
|
|
2e9388 |
Fix and tidy up some HTTP logging messages for Dogtag requests.
|
|
|
2e9388 |
|
|
|
2e9388 |
Part of: https://fedorahosted.org/freeipa/ticket/5269
|
|
|
2e9388 |
|
|
|
2e9388 |
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
2e9388 |
---
|
|
|
2e9388 |
ipapython/dogtag.py | 9 ++++-----
|
|
|
2e9388 |
ipapython/nsslib.py | 3 ---
|
|
|
2e9388 |
2 files changed, 4 insertions(+), 8 deletions(-)
|
|
|
2e9388 |
|
|
|
2e9388 |
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
|
|
|
2e9388 |
index 3f0d08154d21a3072e344c311c3e70e414d9dee4..26b2de6ca77202fa9ccc61ee16ed7623e10ecb5f 100644
|
|
|
2e9388 |
--- a/ipapython/dogtag.py
|
|
|
2e9388 |
+++ b/ipapython/dogtag.py
|
|
|
2e9388 |
@@ -314,7 +314,7 @@ def _httplib_request(
|
|
|
2e9388 |
if isinstance(host, unicode):
|
|
|
2e9388 |
host = host.encode('utf-8')
|
|
|
2e9388 |
uri = '%s://%s%s' % (protocol, ipautil.format_netloc(host, port), path)
|
|
|
2e9388 |
- root_logger.debug('request %r', uri)
|
|
|
2e9388 |
+ root_logger.debug('request %s %s', method, uri)
|
|
|
2e9388 |
root_logger.debug('request body %r', request_body)
|
|
|
2e9388 |
|
|
|
2e9388 |
headers = headers or {}
|
|
|
2e9388 |
@@ -337,9 +337,8 @@ def _httplib_request(
|
|
|
2e9388 |
except Exception, e:
|
|
|
2e9388 |
raise NetworkError(uri=uri, error=str(e))
|
|
|
2e9388 |
|
|
|
2e9388 |
- root_logger.debug('request status %d', http_status)
|
|
|
2e9388 |
- root_logger.debug('request reason_phrase %r', http_reason_phrase)
|
|
|
2e9388 |
- root_logger.debug('request headers %s', http_headers)
|
|
|
2e9388 |
- root_logger.debug('request body %r', http_body)
|
|
|
2e9388 |
+ root_logger.debug('response status %d %s', http_status, http_reason_phrase)
|
|
|
2e9388 |
+ root_logger.debug('response headers %s', http_headers)
|
|
|
2e9388 |
+ root_logger.debug('response body %r', http_body)
|
|
|
2e9388 |
|
|
|
2e9388 |
return http_status, http_reason_phrase, http_headers, http_body
|
|
|
2e9388 |
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
|
|
|
2e9388 |
index def6b104e18fa67268a8c5a8629b533783fb5a95..79b8dc5be6a26cd6136ac62a4fa49572d765a9a0 100644
|
|
|
2e9388 |
--- a/ipapython/nsslib.py
|
|
|
2e9388 |
+++ b/ipapython/nsslib.py
|
|
|
2e9388 |
@@ -39,9 +39,6 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb):
|
|
|
2e9388 |
|
|
|
2e9388 |
cert = sock.get_peer_certificate()
|
|
|
2e9388 |
|
|
|
2e9388 |
- root_logger.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s",
|
|
|
2e9388 |
- check_sig, is_server, str(cert))
|
|
|
2e9388 |
-
|
|
|
2e9388 |
pin_args = sock.get_pkcs11_pin_arg()
|
|
|
2e9388 |
if pin_args is None:
|
|
|
2e9388 |
pin_args = ()
|
|
|
2e9388 |
--
|
|
|
2e9388 |
2.4.3
|
|
|
2e9388 |
|