log common name when a cert is revoked

marco 2024-02-09 12:04:28 +01:00
parent c15c528df8
commit e55d9ef5f3
2 changed files with 4 additions and 1 deletions


@ -271,7 +271,7 @@ func (ta *TLSAuth) ValidateCert(c *gin.Context) (bool, string, error) {
}
if revoked {
return false, "", fmt.Errorf("client certificate is revoked")
return false, "", fmt.Errorf("client certificate for %s is revoked", clientCert.Subject.CommonName)
}
ta.logger.Debugf("client OU %v is allowed vs required OU %v", clientCert.Subject.OrganizationalUnit, ta.AllowedOUs)
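Review bot: The new message in the `if revoked` branch formats `clientCert.Subject.CommonName` with `%s`, and that value comes from the presented certificate, so any control characters or newlines in it would land unescaped in the log and in any response that carries this error. Quoting it and adding the serial number, so the entry can be matched against the CRL, would be safer: `return false, "", fmt.Errorf("client certificate for %q (serial %s) is revoked", clientCert.Subject.CommonName, clientCert.SerialNumber)`. This assumes `clientCert` is an `*x509.Certificate`, which the hunk does not show, and the bats assertion on `client certificate for localhost is revoked` would have to expect the quoted form. ValidateCert starts and ends outside the hunk, so whether the error text is returned to the peer cannot be confirmed from here.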


@ -138,6 +138,7 @@ teardown() {
}
@test "revoked cert for agent" {
truncate_log
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/bundle.pem" |
.key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
@ -148,6 +149,8 @@ teardown() {
config_set "${CONFIG_DIR}/local_api_credentials.yaml" 'del(.login,.password)'
./instance-crowdsec start
rune -1 cscli lapi status
assert_log --partial "client certificate is revoked by CRL"
assert_log --partial "client certificate for localhost is revoked"
rune -0 cscli machines list -o json
assert_output '[]'
}
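Review bot: The assertion `assert_log --partial "client certificate for localhost is revoked"` hard-codes the CN of the revoked agent certificate, which is generated outside the visible hunks, so a fixture change would fail this test with no hint as to why. A comment above it such as `# CN of the agent_revoked certificate is "localhost" (see certificate setup)` would document the coupling; the fixture name is inferred from `agent_revoked-key.pem` and should be confirmed. The test body is split across two hunks, with the lines between them not shown.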