This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit d5173946c2c66be31d78481b7a278e5a91034686 Author: Randall Meyer AuthorDate: Mon Jul 2 10:27:57 2018 -0700 Cleans up logging around OCSP --- iocore/net/OCSPStapling.cc | 4 ++-- iocore/net/SSLUtils.cc | 14 +++++++------- src/traffic_server/InkAPI.cc | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc index 2793072..7f95137 100644 --- a/iocore/net/OCSPStapling.cc +++ b/iocore/net/OCSPStapling.cc @@ -185,13 +185,13 @@ ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname) cinf->uri = sk_OPENSSL_STRING_pop(aia); } if (!cinf->uri) { - Note("no responder URI for %s", certname); + Note("no OCSP responder URI for %s", certname); } if (aia) { X509_email_free(aia); } - Note("successfully initialized certinfo for %s into SSL_CTX: %p", certname, ctx); + Note("successfully initialized stapling for %s into SSL_CTX: %p", certname, ctx); return true; } diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index c6405ff..bc9641a 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1862,14 +1862,14 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu #ifdef HAVE_OPENSSL_OCSP_STAPLING if (SSLConfigParams::ssl_ocsp_enabled) { - Debug("ssl", "ssl ocsp stapling is enabled"); + Debug("ssl", "SSL OCSP Stapling is enabled"); SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling); } else { - Debug("ssl", "ssl ocsp stapling is disabled"); + Debug("ssl", "SSL OCSP Stapling is disabled"); } #else if (SSLConfigParams::ssl_ocsp_enabled) { - Warning("fail to enable ssl ocsp stapling, this openssl version does not support it"); + Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support it"); } #endif /* HAVE_OPENSSL_OCSP_STAPLING */ @@ -1968,19 +1968,19 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons #ifdef HAVE_OPENSSL_OCSP_STAPLING if (SSLConfigParams::ssl_ocsp_enabled) { - Debug("ssl", "ssl ocsp stapling is enabled"); + Debug("ssl", "SSL OCSP Stapling is enabled"); SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling); for (auto cert : cert_list) { if (!ssl_stapling_init_cert(ctx, cert, certname)) { - Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname); + Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname); } } } else { - Debug("ssl", "ssl ocsp stapling is disabled"); + Debug("ssl", "SSL OCSP Stapling is disabled"); } #else if (SSLConfigParams::ssl_ocsp_enabled) { - Warning("fail to enable ssl ocsp stapling, this openssl version does not support it"); + Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support it"); } #endif /* HAVE_OPENSSL_OCSP_STAPLING */ diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc index b962561..8b656b1 100644 --- a/src/traffic_server/InkAPI.cc +++ b/src/traffic_server/InkAPI.cc @@ -9199,7 +9199,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname) if (ret && SSLConfigParams::ssl_ocsp_enabled && cert && certname) { if (SSL_CTX_set_tlsext_status_cb(reinterpret_cast(ret), ssl_callback_ocsp_stapling)) { if (!ssl_stapling_init_cert(reinterpret_cast(ret), reinterpret_cast(cert), certname)) { - Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname); + Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname); } } }