security: add telemetry for OCSP server checks#53685
Merged
craig[bot] merged 1 commit intocockroachdb:masterfrom Sep 1, 2020
Merged
security: add telemetry for OCSP server checks#53685craig[bot] merged 1 commit intocockroachdb:masterfrom
craig[bot] merged 1 commit intocockroachdb:masterfrom
Conversation
Member
|
This change is |
irfansharif
approved these changes
Aug 31, 2020
pkg/security/ocsp.go
Outdated
|
|
||
| // ocspChecksCounter counts the number of connections that are | ||
| // undergoing OCSP validations. This counter exists so that | ||
| // the value of ocspCheckWithOCSPServerInCert can be interpreted |
Contributor
There was a problem hiding this comment.
s/ocspCheckWithOCSPServerInCert/ocspCheckWithOCSPServerInCertCounter?
This commit adds two telemetry counters: - `server.ocsp.conn-verifications` counts the number of connections for which the OCSP feature is enabled - `server.ocsp.cert-verifications` counts the number of times a certificate actually underwent OCSP verification. Release justification: low risk, high benefit changes to existing functionality Release note: None
2651217 to
66f3a96
Compare
Contributor
Author
|
bors r=irfansharif |
Contributor
|
This PR was included in a batch that was canceled, it will be automatically retried |
Contributor
|
Build succeeded: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #53473
cc @thtruo
This commit adds two telemetry counters:
server.ocsp.conn-verificationscounts the number of connectionsfor which the OCSP feature is enabled
server.ocsp.cert-verificationscounts the number of timesa certificate actually underwent OCSP verification.
Release justification: low risk, high benefit changes to existing functionality
Release note: None