0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

log OU too

Browse source
This commit is contained in:
marco 2024-02-09 12:07:44 +01:00
parent e55d9ef5f3
commit 91e6bf7638
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/apiserver/middlewares/v1/tls_auth.go
View file

@ -271,7 +271,7 @@ func (ta *TLSAuth) ValidateCert(c *gin.Context) (bool, string, error) {
}
if revoked {
return false, "", fmt.Errorf("client certificate for %s is revoked", clientCert.Subject.CommonName)
return false, "", fmt.Errorf("client certificate for CN=%s OU=%s is revoked", clientCert.Subject.CommonName, clientCert.Subject.OrganizationalUnit)
}
ta.logger.Debugf("client OU %v is allowed vs required OU %v", clientCert.Subject.OrganizationalUnit, ta.AllowedOUs)

2
test/bats/30_machines_tls.bats
View file

@ -150,7 +150,7 @@ teardown() {
./instance-crowdsec start
rune -1 cscli lapi status
assert_log --partial "client certificate is revoked by CRL"
assert_log --partial "client certificate for localhost is revoked"
assert_log --partial "client certificate for CN=localhost OU=[agent-ou] is revoked"
rune -0 cscli machines list -o json
assert_output '[]'
}