Way to configure logging to emit SSL Certificate info with a failure message?

Alan DeKok aland at deployingradius.com
Thu Mar 9 15:59:46 UTC 2023


On Mar 9, 2023, at 10:47 AM, Andy Arp <bubbaandy89 at gmail.com> wrote:
> 
> Looking for ways to configure version 3.0.x to emit additional log data
> when an SSL error occurs.  Specifically looking for ways to emit the SAN or
> even the ID of the certificate being presented to make it easier to track
> down badly configured clients without having to turn on debug mode.
> 
> Example of log message we're seeing as too generic currently:
> 
> Mon Mar  6 10:32:59 2023 : ERROR: (0)   ERROR: SSL says error 23 :
> certificate revoked

  See the debug output.  The certificate fields are placed into attributes, and those attributes can be logged.

  Those error messages should also be placed into the TLS-Session-Information attribute, and placed into the session-state list.

  Alan DeKok.
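One way to act on the reply above, as an added example that is not part of the original thread and is not the FreeRADIUS project's own configuration: a `linelog` instance that writes the certificate attributes and TLS-Session-Information on reject. The instance name `tls_failure_log`, the file name, and the assumption that the `TLS-Client-Cert-*` attributes sit in the `session-state` list are all to be checked against your own debug output.

```unlang
# mods-available/linelog (symlinked into mods-enabled): added linelog instance.
# The instance name "tls_failure_log" and the file name are assumptions.
linelog tls_failure_log {
	filename = ${logdir}/tls-failures.log
	permissions = 0600
	# Attribute names and the session-state list are assumptions to confirm
	# in debug output; they can differ between 3.0.x releases.
	format = "TLS failure: user=%{User-Name} mac=%{Calling-Station-Id} serial=%{session-state:TLS-Client-Cert-Serial} subject=%{session-state:TLS-Client-Cert-Subject} san_dns=%{session-state:TLS-Client-Cert-Subject-Alt-Name-Dns} info=%{session-state:TLS-Session-Information[*]}"
}

# sites-available/default (or whichever virtual server handles EAP):
post-auth {
	Post-Auth-Type REJECT {
		# Log only when the TLS layer recorded something for this session.
		if (&session-state:TLS-Session-Information) {
			tls_failure_log
		}
		# Keep the existing REJECT entries (attr_filter, eap, ...) after this.
	}
}
```

Certificate fields are supplied by the client, so anything that parses this file should treat the subject and SAN values as untrusted input.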



