alkdev/reverse-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ac39d9cd8a142c914a41d632cd855fa6284844a
reverse-proxy/tasks/fix/log-root-cert-count.md
glm-5.1 54f1725173 Decompose security review #003 findings into 17 fix tasks and 1 review task 
Address 4 critical, 8 warning, and 5 suggestion findings from the
security and bug review by creating atomic, dependency-ordered tasks:

Critical fixes (C1-C4): rate limiter IP source (ADR-025), InFlightCounter
increment + drain interval, connector timeout ceiling (ADR-026), JSON format
without log file.

Validation tightening (W1, W2): upstream host validation, ACME contact email
validation.

Robustness (W3, W4, W5, W12): upstream URI error handling (502 not silent
drop), admin socket resource limits (ADR-027), TlsMode wildcard mismatch,
http_port u32→u16.

Code quality (W6, W10, W11, S1, S3, W8/W9): config type consolidation,
TokenBucket field visibility, reload_mutex #[cfg(test)], dead code removal,
root cert count logging, misleading test names.

Test coverage (S10): rate limiter ConnectInfo tests (depends on C1 fix).

Review: post-security-fix-review checkpoint covering all critical fixes
and sensitive config consolidation path.
2026-06-12 13:42:37 +00:00

66 lines
1.8 KiB
Markdown
Raw Blame History

---
id: fix/log-root-cert-count
name: Log system root certificate count at startup (S3)
status: pending
depends_on: []
scope: single
risk: trivial
impact: isolated
level: implementation
review_findings: [S3]
---
## Description
`root_certs()` loads native certificates silently — only logs errors. If the
system has zero root certificates (misconfigured CA bundle), all HTTPS upstream
connections will fail with opaque TLS errors and no diagnostic message.
### Changes Required
**`src/proxy/handler.rs`** — `root_certs()` function (lines 246-258):
- Add an info-level log with cert count and warn if zero:
```rust
fn root_certs() -> rustls::RootCertStore {
let mut roots = rustls::RootCertStore::empty();
let result = rustls_native_certs::load_native_certs();
for cert in result.certs {
roots.add(cert).ok();
}
let cert_count = roots.len();
let error_count = result.errors.len();
if cert_count == 0 {
warn!(certs_loaded = cert_count, errors = error_count,
"no system root certificates loaded — HTTPS upstream connections will fail");
} else {
info!(certs_loaded = cert_count, errors = error_count,
"loaded system root certificates");
}
for err in &result.errors {
warn!(error = %err, "failed to load native certificate");
}
roots
}
```
## Acceptance Criteria
- [ ] Info-level log with cert count when certs > 0
- [ ] Warn-level log when cert count is 0
- [ ] Error count included in log output
- [ ] Individual cert load errors still logged at warn level
- [ ] `cargo test` passes
- [ ] `cargo clippy` passes with no warnings
## References
- docs/reviews/003-security-and-bug-review.md — S3 finding
- src/proxy/handler.rs — `root_certs()` function
## Notes
> To be filled on completion
## Summary
> To be filled on completion
Reference in New Issue View Git Blame Copy Permalink