mirrors/nebula
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-05 18:20:48 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't log every blocklisted fingerprint (#1525)

Browse source
This commit is contained in:
Nate Brown 2025-11-12 10:41:46 -05:00 committed by GitHub
parent 48f1ae98ba
commit 52f1908126
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pki.go
View file

@ -523,10 +523,14 @@ func loadCAPoolFromConfig(l *logrus.Logger, c *config.C) (*cert.CAPool, error) {
return nil, fmt.Errorf("error while adding CA certificate to CA trust store: %s", err)
}
for _, fp := range c.GetStringSlice("pki.blocklist", []string{}) {
l.WithField("fingerprint", fp).Info("Blocklisting cert")
bl := c.GetStringSlice("pki.blocklist", []string{})
if len(bl) > 0 {
for _, fp := range bl {
caPool.BlocklistFingerprint(fp)
}
l.WithField("fingerprintCount", len(bl)).Info("Blocklisted certificates")
}
return caPool, nil
}