Merge pull request #907 from castrapel/log_ssl_alt_name

Log ssl alt name errors
Netflix · Jan 15, 2018 · 937ad29 · 937ad29
2 parents 1ddf878 + 83cfbcf
commit 937ad29
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 2 deletions.
diff --git a/env-config/config-docker.py b/env-config/config-docker.py
@@ -258,3 +258,6 @@ def env_to_bool(input):
 REMEMBER_COOKIE_DURATION=timedelta(minutes=60)  # Can make longer if you want remember_me to be useful.
 REMEMBER_COOKIE_SECURE=True
 REMEMBER_COOKIE_HTTPONLY=True
+
+# Log SSL Cert SubjectAltName errors
+LOG_SSL_SUBJ_ALT_NAME_ERRORS = True
diff --git a/env-config/config-local.py b/env-config/config-local.py
@@ -212,4 +212,7 @@
         # Public x509 certificate of the IdP
         "x509cert": "<ONELOGIN_APP_CERT>"
     }
-}
+}
+
+# Log SSL Cert SubjectAltName errors
+LOG_SSL_SUBJ_ALT_NAME_ERRORS = True
diff --git a/env-config/config.py b/env-config/config.py
@@ -90,6 +90,9 @@
 SECURITY_POST_RESET_VIEW = BASE_URL
 SECURITY_POST_CHANGE_VIEW = BASE_URL
 
+# Log SSL Cert SubjectAltName errors
+LOG_SSL_SUBJ_ALT_NAME_ERRORS = True
+
 # This address gets all change notifications (i.e. 'securityteam@example.com')
 SECURITY_TEAM_EMAIL = []
 

diff --git a/scripts/secmonkey_auto_install.sh b/scripts/secmonkey_auto_install.sh
@@ -566,6 +566,9 @@ REMEMBER_COOKIE_DURATION=timedelta(minutes=60)  # Can make longer if you want re
 REMEMBER_COOKIE_SECURE=True
 REMEMBER_COOKIE_HTTPONLY=True
 
+# Log SSL Cert SubjectAltName errors
+LOG_SSL_SUBJ_ALT_NAME_ERRORS = True
+
 EOF
 
 }

diff --git a/security_monkey/watchers/iam/iam_ssl.py b/security_monkey/watchers/iam/iam_ssl.py
@@ -115,7 +115,8 @@ def cert_get_domains(cert):
         for entry in entries:
             domains.append(entry)
     except Exception as e:
-        app.logger.warning("Failed to get SubjectAltName: {0}".format(e))
+        if app.config.get("LOG_SSL_SUBJ_ALT_NAME_ERRORS", True):
+            app.logger.warning("Failed to get SubjectAltName: {0}".format(e), exc_info=True)
 
     return domains