Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Can't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 2.10 GA
Component/s: Gateway
Labels:
- support

Blocked:
False
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%
Release Note Text:
Undefined

SFDC Cases Links:
SFDC Cases Counter:

Description

Currently the APIcast "debug" level logs are not very informative when Mutual TLS is being used, which makes it hard to troubleshoot issues (both for Support and for the customers as well). A few useful information that could be added:

Did APIcast send the client side Certificate?
How did it send? Was it embedded or did it use a file?
Maybe an Environment Variable such as 'APICAST_TLS_LOG_LEVEL' could be helpful and mimic the behavior from 'APICAST_OIDC_LOG_LEVEL' when set to "debug", e.g. output more TLS/mTLS troubleshooting data, including the Certificates being sent.

It's relatively easy to troubleshoot TLS only issues, however when this flows happens both ways (mTLS), it becomes a bit more complex to detect what is really happening.

Attachments

Issue Links

relates to

THREESCALE-7363 Upstream Mutual TLS (mTLS) between APIcast and the Backend API fails when more than a single certificate is used

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Estevao Konecsni

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021/07/19 7:26 PM

Updated:: 2023/04/12 10:02 AM

Resolved:: 2023/04/12 10:02 AM