improve log statements

Moritz Habegger 2023-11-13 13:59:44 +01:00
parent 2b91ac4d18
commit 5950a745b6
No known key found for this signature in database
GPG Key ID: 1627E2B493D230F3


@ -63,18 +63,18 @@ func IsClientCertificateSubjectValid(c net.Conn, tlsConfig v1.TLSServerConfig) b
subjectRegex := tlsConfig.ClientCertificateSubjectRegex subjectRegex := tlsConfig.ClientCertificateSubjectRegex
regex, err := regexp.Compile(subjectRegex) regex, err := regexp.Compile(subjectRegex)
if err != nil { if err != nil {
log.Trace("Client certificate subject validation is disabled") log.Trace("TLS client certificate subject validation is disabled")
return true return true
} }
tlsConn, ok := c.(*tls.Conn) tlsConn, ok := c.(*tls.Conn)
if !ok { if !ok {
log.Warn("Skip client certificate subject validation because its not a tls connection") log.Warn("Skip TLS client certificate subject validation because its non-TLS connection")
return true return true
} }
state := tlsConn.ConnectionState() state := tlsConn.ConnectionState()
log.Trace("Validating client certificate subject using regex: %v", subjectRegex) log.Trace("Validating TLS client certificate subject using regex: %v", subjectRegex)
if len(state.PeerCertificates) == 0 { if len(state.PeerCertificates) == 0 {
log.Warn("No client certificates found in TLS connection, the verification was probably called to early.") log.Warn("No client certificates found in TLS connection, the verification was probably called to early.")
return false return false
@ -83,10 +83,10 @@ func IsClientCertificateSubjectValid(c net.Conn, tlsConfig v1.TLSServerConfig) b
for _, v := range state.PeerCertificates { for _, v := range state.PeerCertificates {
subject := fmt.Sprintf("%v", v.Subject) subject := fmt.Sprintf("%v", v.Subject)
if !regex.MatchString(subject) { if !regex.MatchString(subject) {
log.Warn("Client certificate subject %v doesn't match regex %v", v.Subject, subjectRegex) log.Warn("TLS client certificate subject %v doesn't match regex %v", v.Subject, subjectRegex)
return false return false
} }
log.Trace("Client certificate subject is valid") log.Trace("TLS client certificate subject is valid")
} }
return true return true
} }
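Review bot: The `err != nil` branch after `regexp.Compile(subjectRegex)` in the first hunk still returns `true`, so a malformed `ClientCertificateSubjectRegex` accepts every client, and the reworded message reports this only at trace level as validation being "disabled". An empty pattern compiles and matches any subject, so this branch is reached only for an invalid pattern; it should fail closed, for example `log.Warn("Invalid TLS client certificate subject regex %v: %v", subjectRegex, err)` followed by `return false`. The `!ok` branch in the same hunk also returns `true` for a non-TLS connection, so it is worth confirming that callers intend that. The function begins above the hunk, so any earlier validation of the configured pattern is not visible here.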