Way to configure logging to emit SSL Certificate info with a failure message?
Andy Arp
bubbaandy89 at gmail.com
Thu Mar 9 16:24:22 UTC 2023
Awesome, will give this a try. Did something similar recently with logging
returned Airespace-Interface-Name so the process should be pretty similar.
On Thu, Mar 9, 2023 at 11:00 AM Alan DeKok <aland at deployingradius.com>
wrote:
> On Mar 9, 2023, at 10:47 AM, Andy Arp <bubbaandy89 at gmail.com> wrote:
> >
> > Looking for ways to configure version 3.0.x to emit additional log data
> > when an SSL error occurs. Specifically looking for ways to emit the SAN
> or
> > even the ID of the certificate being presented to make it easier to track
> > down badly configured clients without having to turn on debug mode.
> >
> > Example of log message we're seeing as too generic currently:
> >
> > Mon Mar 6 10:32:59 2023 : ERROR: (0) ERROR: SSL says error 23 :
> > certificate revoked
>
> See the debug output. The certificate fields are placed into
> attributes, and those attributes can be logged.
>
> Those error messages should also be placed into the
> TLS-Session-Information attribute, and placed into the session-state list.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Thanks, Andy Arp
More information about the Freeradius-Users
mailing list