MEDIUM: ssl: Change output of ocsp-update log

Since commit "BUG/MEDIUM: ssl: Fix crash in ocsp-update log function",
some information from the log line are "faked" because they can be
actually retrieved anymore (or never could). We should then remove them
from the logline all along instead of providing some useless fields.

We then only keep pure OCSP-update information in the log line:
"<certname> <status> <status str> <fail count> <success count>"

diff --git a/doc/configuration.txt b/doc/configuration.txt
index f92653975d4eee59a557b7385526320987a8e14f..08782370e313d831b040a64089e9195c4895700c 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -16074,8 +16074,8 @@ ocsp-update [ off | on ] (crt-list only)
 
   Whenever an OCSP response is updated by the auto update task or following a
   call to the "update ssl ocsp-response" CLI command, a dedicated log line is
-  emitted. It follows a dedicated log-format that contains the following header
-  "%ci:%cp [%tr] %ft" and is followed by specific OCSP-related information:
+  emitted. It follows a dedicated format that contains the following header
+  "<OCSP-UPDATE>" and is followed by specific OCSP-related information:
     - the path of the corresponding frontend certificate
     - a numerical update status
     - a textual update status
@@ -16095,11 +16095,11 @@ ocsp-update [ off | on ] (crt-list only)
   Here are two examples of such log lines, with a successful OCSP update log
   line first and then an example of an HTTP error with the two different lines
   (lines were spit and the URL was shortened for readability):
-    <134>Mar  6 11:16:53 haproxy[14872]: -:- [06/Mar/2023:11:16:52.808] \
-            <OCSP-UPDATE> /path_to_cert/foo.pem 1 "Update successful" 0 1
+    <134>Mar  6 11:16:53 haproxy[14872]: <OCSP-UPDATE> /path_to_cert/foo.pem 1 \
+            "Update successful" 0 1
 
-    <134>Mar  6 11:18:55 haproxy[14872]: -:- [06/Mar/2023:11:18:54.207] \
-            <OCSP-UPDATE> /path_to_cert/bar.pem 2 "HTTP error" 1 0
+    <134>Mar  6 11:18:55 haproxy[14872]: <OCSP-UPDATE> /path_to_cert/bar.pem 2 \
+            "HTTP error" 1 0
     <134>Mar  6 11:18:55 haproxy[14872]: -:- [06/Mar/2023:11:18:52.200] \
             <OCSP-UPDATE> -/- 2/0/-1/-1/3009 503 217 - - SC-- 0/0/0/0/3 0/0 {} \
             "GET http://127.0.0.1:12345/MEMwQT HTTP/1.1"

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index b78cb3c28f5b9650ed94a67d42f723e12f9675b0..6d68aa3d4337ae6c805e0a4f14323f367d7a9748 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1110,10 +1110,8 @@ void ocsp_update_response_end_cb(struct httpclient *hc)
 
 
 /*
- * Send a log line that will mimic this previously used logformat :
- * char ocspupdate_log_format[] = "%ci:%cp [%tr] %ft %[ssl_ocsp_certname] \
- * %[ssl_ocsp_status] %{+Q}[ssl_ocsp_status_str] %[ssl_ocsp_fail_cnt] \
- * %[ssl_ocsp_success_cnt]";
+ * Send a log line that will contain only OCSP update related information:
+ * "<proxy_name> <ssl_ocsp_certname> <ocsp_status> \"<ocsp_status_str>\" <ocsp_fail_cnt> <ocsp_success_cnt>"
  * We can't use the regular sess_log function because we don't have any control
  * over the stream and session used by the httpclient which might not exist
  * anymore by the time we call this function.
@@ -1123,8 +1121,6 @@ static void ssl_ocsp_send_log()
        int status_str_len = 0;
        char *status_str = NULL;
        struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-       struct tm tm;
-       char timebuf[25];
 
        if (!httpclient_ocsp_update_px)
                return;
@@ -1134,11 +1130,7 @@ static void ssl_ocsp_send_log()
                status_str = istptr(ocsp_update_errors[ssl_ocsp_task_ctx.update_status]);
        }
 
-       get_localtime(date.tv_sec, &tm);
-       date2str_log(timebuf, &tm, &date, 25);
-
-       send_log(httpclient_ocsp_update_px, LOG_INFO, "-:- [%s] %s %s %u \"%.*s\" %u %u",
-                timebuf,
+       send_log(httpclient_ocsp_update_px, LOG_INFO, "%s %s %u \"%.*s\" %u %u",
                 httpclient_ocsp_update_px->id,
                 ocsp->path,
                 ssl_ocsp_task_ctx.update_status,