Skip to content

Commit

Permalink
backport of commit 4515a01
Browse files Browse the repository at this point in the history
  • Loading branch information
sgmiller authored Sep 23, 2024
1 parent de8670d commit a413ac7
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 6 deletions.
3 changes: 3 additions & 0 deletions changelog/28450.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG.
```
1 change: 1 addition & 0 deletions sdk/helper/ocsp/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -612,6 +612,7 @@ func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.
timeout := defaultOCSPResponderTimeout

ocspClient := retryablehttp.NewClient()
ocspClient.Logger = c.Logger()
ocspClient.RetryMax = conf.OcspMaxRetries
ocspClient.HTTPClient.Timeout = timeout
ocspClient.HTTPClient.Transport = newInsecureOcspTransport(conf.ExtraCas)
Expand Down
13 changes: 7 additions & 6 deletions sdk/helper/ocsp/ocsp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,16 @@ func TestOCSP(t *testing.T) {
for _, tgt := range targetURL {
c.ocspResponseCache, _ = lru.New2Q(10)
for _, tr := range transports {
c := &http.Client{
Transport: tr,
Timeout: 30 * time.Second,
}
req, err := http.NewRequest("GET", tgt, bytes.NewReader(nil))
ocspClient := retryablehttp.NewClient()
ocspClient.Logger = c.Logger()
ocspClient.RetryMax = conf.OcspMaxRetries
ocspClient.HTTPClient.Timeout = 30 * time.Second
ocspClient.HTTPClient.Transport = tr
req, err := retryablehttp.NewRequest("GET", tgt, bytes.NewReader(nil))
if err != nil {
t.Fatalf("fail to create a request. err: %v", err)
}
res, err := c.Do(req)
res, err := ocspClient.Do(req)
if err != nil {
t.Fatalf("failed to GET contents. err: %v", err)
}
Expand Down

0 comments on commit a413ac7

Please sign in to comment.