mirror of https://github.com/slackhq/nebula.git
Don't log invalid certificates
This commit is contained in:
parent
a390125935
commit
162ce96f78
|
@ -33,6 +33,5 @@ l.WithError(err).
|
|||
WithField("vpnIp", IntIp(hostinfo.hostId)).
|
||||
WithField("udpAddr", addr).
|
||||
WithField("handshake", m{"stage": 1, "style": "ix"}).
|
||||
WithField("cert", remoteCert).
|
||||
Info("Invalid certificate from host")
|
||||
```
|
|
@ -91,7 +91,7 @@ func ixHandshakeStage1(f *Interface, addr *udp.Addr, via *ViaSender, packet []by
|
|||
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert, f.pki.GetCAPool())
|
||||
if err != nil {
|
||||
f.l.WithError(err).WithField("udpAddr", addr).
|
||||
WithField("handshake", m{"stage": 1, "style": "ix_psk0"}).WithField("cert", remoteCert).
|
||||
WithField("handshake", m{"stage": 1, "style": "ix_psk0"}).
|
||||
Info("Invalid certificate from host")
|
||||
return
|
||||
}
|
||||
|
@ -373,7 +373,7 @@ func ixHandshakeStage2(f *Interface, addr *udp.Addr, via *ViaSender, hh *Handsha
|
|||
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert, f.pki.GetCAPool())
|
||||
if err != nil {
|
||||
f.l.WithError(err).WithField("vpnIp", hostinfo.vpnIp).WithField("udpAddr", addr).
|
||||
WithField("cert", remoteCert).WithField("handshake", m{"stage": 2, "style": "ix_psk0"}).
|
||||
WithField("handshake", m{"stage": 2, "style": "ix_psk0"}).
|
||||
Error("Invalid certificate from host")
|
||||
|
||||
// The handshake state machine is complete, if things break now there is no chance to recover. Tear down and start again
|
||||
|
|
Loading…
Reference in New Issue