1.9 KiB
1.9 KiB
id, name, status, depends_on, scope, risk, impact, level, review_findings
| id | name | status | depends_on | scope | risk | impact | level | review_findings | |
|---|---|---|---|---|---|---|---|---|---|
| fix/log-root-cert-count | Log system root certificate count at startup (S3) | completed | single | trivial | isolated | implementation |
|
Description
root_certs() loads native certificates silently — only logs errors. If the
system has zero root certificates (misconfigured CA bundle), all HTTPS upstream
connections will fail with opaque TLS errors and no diagnostic message.
Changes Required
src/proxy/handler.rs — root_certs() function (lines 246-258):
- Add an info-level log with cert count and warn if zero:
fn root_certs() -> rustls::RootCertStore { let mut roots = rustls::RootCertStore::empty(); let result = rustls_native_certs::load_native_certs(); for cert in result.certs { roots.add(cert).ok(); } let cert_count = roots.len(); let error_count = result.errors.len(); if cert_count == 0 { warn!(certs_loaded = cert_count, errors = error_count, "no system root certificates loaded — HTTPS upstream connections will fail"); } else { info!(certs_loaded = cert_count, errors = error_count, "loaded system root certificates"); } for err in &result.errors { warn!(error = %err, "failed to load native certificate"); } roots }
Acceptance Criteria
- Info-level log with cert count when certs > 0
- Warn-level log when cert count is 0
- Error count included in log output
- Individual cert load errors still logged at warn level
cargo testpassescargo clippypasses with no warnings
References
- docs/reviews/003-security-and-bug-review.md — S3 finding
- src/proxy/handler.rs —
root_certs()function
Notes
To be filled on completion
Summary
To be filled on completion