diff --git a/doc/configuration.txt b/doc/configuration.txt index f92653975..08782370e 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -16074,8 +16074,8 @@ ocsp-update [ off | on ] (crt-list only) Whenever an OCSP response is updated by the auto update task or following a call to the "update ssl ocsp-response" CLI command, a dedicated log line is - emitted. It follows a dedicated log-format that contains the following header - "%ci:%cp [%tr] %ft" and is followed by specific OCSP-related information: + emitted. It follows a dedicated format that contains the following header + "" and is followed by specific OCSP-related information: - the path of the corresponding frontend certificate - a numerical update status - a textual update status @@ -16095,11 +16095,11 @@ ocsp-update [ off | on ] (crt-list only) Here are two examples of such log lines, with a successful OCSP update log line first and then an example of an HTTP error with the two different lines (lines were spit and the URL was shortened for readability): - <134>Mar 6 11:16:53 haproxy[14872]: -:- [06/Mar/2023:11:16:52.808] \ - /path_to_cert/foo.pem 1 "Update successful" 0 1 + <134>Mar 6 11:16:53 haproxy[14872]: /path_to_cert/foo.pem 1 \ + "Update successful" 0 1 - <134>Mar 6 11:18:55 haproxy[14872]: -:- [06/Mar/2023:11:18:54.207] \ - /path_to_cert/bar.pem 2 "HTTP error" 1 0 + <134>Mar 6 11:18:55 haproxy[14872]: /path_to_cert/bar.pem 2 \ + "HTTP error" 1 0 <134>Mar 6 11:18:55 haproxy[14872]: -:- [06/Mar/2023:11:18:52.200] \ -/- 2/0/-1/-1/3009 503 217 - - SC-- 0/0/0/0/3 0/0 {} \ "GET http://127.0.0.1:12345/MEMwQT HTTP/1.1" diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index b78cb3c28..6d68aa3d4 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -1110,10 +1110,8 @@ void ocsp_update_response_end_cb(struct httpclient *hc) /* - * Send a log line that will mimic this previously used logformat : - * char ocspupdate_log_format[] = "%ci:%cp [%tr] %ft %[ssl_ocsp_certname] \ - * %[ssl_ocsp_status] %{+Q}[ssl_ocsp_status_str] %[ssl_ocsp_fail_cnt] \ - * %[ssl_ocsp_success_cnt]"; + * Send a log line that will contain only OCSP update related information: + * " \"\" " * We can't use the regular sess_log function because we don't have any control * over the stream and session used by the httpclient which might not exist * anymore by the time we call this function. @@ -1123,8 +1121,6 @@ static void ssl_ocsp_send_log() int status_str_len = 0; char *status_str = NULL; struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp; - struct tm tm; - char timebuf[25]; if (!httpclient_ocsp_update_px) return; @@ -1134,11 +1130,7 @@ static void ssl_ocsp_send_log() status_str = istptr(ocsp_update_errors[ssl_ocsp_task_ctx.update_status]); } - get_localtime(date.tv_sec, &tm); - date2str_log(timebuf, &tm, &date, 25); - - send_log(httpclient_ocsp_update_px, LOG_INFO, "-:- [%s] %s %s %u \"%.*s\" %u %u", - timebuf, + send_log(httpclient_ocsp_update_px, LOG_INFO, "%s %s %u \"%.*s\" %u %u", httpclient_ocsp_update_px->id, ocsp->path, ssl_ocsp_task_ctx.update_status,