1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

Add log message for failing lease update

This commit is contained in:
Lauri Võsandi 2018-05-16 11:51:07 +00:00
parent 5bda254c56
commit adff4a0a50

View File

@ -39,6 +39,9 @@ class LeaseResource(AuthorityHandler):
path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
logger.info("Gateway %s attempted to submit lease information for %s with expired/unknown serial %x, expected %x" % (
req.context["machine"], client_common_name,
req.get_param_as_int("serial"), cert.serial_number))
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied") raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z" now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"