From 2be8d2d068557631813607d84bb03c91fbeaaf80 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 20 Nov 2015 15:39:00 +1100 Subject: [PATCH] TLS and Dogtag HTTPS request logging improvements Pretty printing the TLS peer certificate to logs on every request introduces a lot of noise; do not log it (subject name, key usage and validity are still logged). Fix and tidy up some HTTP logging messages for Dogtag requests. Part of: https://fedorahosted.org/freeipa/ticket/5269 Reviewed-By: Jan Cholasta --- ipapython/dogtag.py | 9 ++++----- ipapython/nsslib.py | 3 --- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 51c2ec9b4..71de96dc6 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -324,7 +324,7 @@ def _httplib_request( if isinstance(host, unicode): host = host.encode('utf-8') uri = '%s://%s%s' % (protocol, ipautil.format_netloc(host, port), path) - root_logger.debug('request %r', uri) + root_logger.debug('request %s %s', method, uri) root_logger.debug('request body %r', request_body) headers = headers or {} @@ -347,9 +347,8 @@ def _httplib_request( except Exception as e: raise NetworkError(uri=uri, error=str(e)) - root_logger.debug('request status %d', http_status) - root_logger.debug('request reason_phrase %r', http_reason_phrase) - root_logger.debug('request headers %s', http_headers) - root_logger.debug('request body %r', http_body) + root_logger.debug('response status %d %s', http_status, http_reason_phrase) + root_logger.debug('response headers %s', http_headers) + root_logger.debug('response body %r', http_body) return http_status, http_reason_phrase, http_headers, http_body diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index 5ae79b65c..06e53294f 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -48,9 +48,6 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb): cert = sock.get_peer_certificate() - root_logger.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s", - check_sig, is_server, str(cert)) - pin_args = sock.get_pkcs11_pin_arg() if pin_args is None: pin_args = ()