Bug 1161328 - [mod_ssl] Revoked Certificates are logged at the DEBUG level
Summary: [mod_ssl] Revoked Certificates are logged at the DEBUG level
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: httpd
Version: 6.5
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: Luboš Uhliarik
QA Contact: Filip Holec
Depends On:
TreeView+ depends on / blocked
Reported: 2014-11-06 22:22 UTC by Timothy Williams
Modified: 2021-01-14 09:35 UTC (History)
4 users (show)

Fixed In Version: httpd-2.2.15-40.el6
Doc Type: Bug Fix
Doc Text:
When a client presented a revoked certificate, log entries were created only at the debug level. With this update, the log level of messages regarding a revoked certificate has been increased to INFO, and administrators are now properly informed of this situation.
Clone Of:
Last Closed: 2015-07-22 05:53:36 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1249 0 normal SHIPPED_LIVE Low: httpd security, bug fix, and enhancement update 2015-07-20 17:50:12 UTC

Description Timothy Williams 2014-11-06 22:22:03 UTC
Description of problem:

When a client presents a revoked certificate, log entries are created only at the debug level. This is an error that, in production, needs to be logged. However, production servers generally should not be running the debug log level.

Version-Release number of selected component (if applicable):

Upstream patch: https://issues.apache.org/bugzilla/show_bug.cgi?id=52162

Comment 6 errata-xmlrpc 2015-07-22 05:53:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.