From dbe49a9ff81fcd6112ef320e0d1e2f5a7e6dd087 Mon Sep 17 00:00:00 2001
From: Mahdi Ramezani
Date: Fri, 29 May 2026 04:27:37 +0000
Subject: [PATCH 1/2] Added client cert CNs to the auth failure log.

Signed-off-by: Mahdi Ramezani
---
 go-server-server/go/auth.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/go-server-server/go/auth.go b/go-server-server/go/auth.go
index 21c9e1b..596544d 100644
--- a/go-server-server/go/auth.go
+++ b/go-server-server/go/auth.go
@@ -42,6 +42,11 @@ func CommonNameMatch(r *http.Request) bool {
 }
 }
 
- log.Printf("error: Authentication Fail! None of the common names in the client cert match any of the trusted common names")
+ commonNames := make([]string, 0)
+ for _, peercert := range r.TLS.PeerCertificates {
+ commonNames = append(commonNames, peercert.Subject.CommonName)
+ }
+ log.Printf("error: Authentication Failed! None of the common names in the client cert chain" +
+ " matched any of the trusted common names. Client cert common names: %v", commonNames)
 return false;
 }
\ No newline at end of file
From 9a1314513bb10a17336c63e25566fbb28cad3077 Mon Sep 17 00:00:00 2001
From: Mahdi Ramezani
Date: Fri, 29 May 2026 20:41:12 +0000
Subject: [PATCH 2/2] Adding quotes around client cert CNs and escaping special characters.

Signed-off-by: Mahdi Ramezani
---
 go-server-server/go/auth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/go-server-server/go/auth.go b/go-server-server/go/auth.go
index 596544d..47bff1d 100644
--- a/go-server-server/go/auth.go
+++ b/go-server-server/go/auth.go
@@ -4,6 +4,7 @@ import (
 "log"
 "net/http"
 "strings"
+ "strconv"
 )
 
 func CommonNameMatch(r *http.Request) bool {
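Review bot: The new failure log cannot distinguish the client's own certificate from the intermediates it sent, because the loop in the first patch's hunk (`@@ -42,6 +42,11 @@`) flattens every CN in `r.TLS.PeerCertificates` into one slice. The leaf is element 0 of that slice, so logging it separately behind a length check, for example `leaf := r.TLS.PeerCertificates[0].Subject.CommonName`, and the rest as chain names would make the line usable for triage. The matching loop sits above the hunk and is not visible here; if it also accepts a match on any chain entry rather than only the leaf, that deserves a separate look, since an intermediate's CN would then count as a client identity. As a smaller point, `make([]string, 0)` can be sized up front as `make([]string, 0, len(r.TLS.PeerCertificates))`.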
@@ -44,7 +45,7 @@ func CommonNameMatch(r *http.Request) bool {
 
 commonNames := make([]string, 0)
 for _, peercert := range r.TLS.PeerCertificates {
- commonNames = append(commonNames, peercert.Subject.CommonName)
+ commonNames = append(commonNames, strconv.Quote(peercert.Subject.CommonName))
 }
 log.Printf("error: Authentication Failed! None of the common names in the client cert chain" +
 " matched any of the trusted common names. Client cert common names: %v", commonNames)
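Review bot: `strconv.Quote` escapes control and non-printable characters but leaves printable non-ASCII runes untouched, so a CN built from lookalike characters can still read like a trusted name in the log line this hunk builds. `strconv.QuoteToASCII(peercert.Subject.CommonName)` escapes those as well; alternatively keep the raw names in the slice and format them with `%+q` in place of `%v`, which quotes each element as ASCII and removes the need for the `strconv` import. That import, added in this patch's first hunk, sits after `"strings"`, which gofmt would reorder. CommonNameMatch starts and ends outside this hunk.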