Skip to content

add warning log when certs are expired/not yet valid#3153

Open
YiwenZhang12 wants to merge 6 commits into
valkey-io:unstablefrom
YiwenZhang12:feature/certlog
Open

add warning log when certs are expired/not yet valid#3153
YiwenZhang12 wants to merge 6 commits into
valkey-io:unstablefrom
YiwenZhang12:feature/certlog

Conversation

@YiwenZhang12

@YiwenZhang12 YiwenZhang12 commented Feb 2, 2026

Copy link
Copy Markdown
Contributor

Goal
Provide clear, consistent logging for expired server owned TLS certs (server/client/CA) at startup/reload and during runtime.

What changed

  • Added an hourly cron check that scans server‑owned TLS certs (server/client/CA) and logs only expired certs, including the cert serial for identification.

  • Refined startup/reload validation to emit one specific warning per validity issue (expired / not‑yet‑valid / invalid validity period), removing generic error logs.

  • CA expiry logging is now capped at three per interval, with a count summary for additional expired CAs.

Example logs:

20766:M 02 Feb 2026 19:08:26.180 # Server TLS certificate has expired (serial 01).
21020:M 02 Feb 2026 19:09:21.441 # Client TLS certificate has expired (serial 02).
21108:M 02 Feb 2026 19:09:43.388 # CA TLS certificate has expired (serial 05).

for multiple ca cert invalid:

# CA TLS certificate has expired (serial 05).
# CA TLS certificate has expired (serial 07).
# CA TLS certificate has expired (serial 09).
# CA TLS certificates expired: 5 (logged 3).

@YiwenZhang12 YiwenZhang12 changed the title add warning log when certs are expired/not yet valid [WIP] add warning log when certs are expired/not yet valid Feb 3, 2026
@YiwenZhang12

YiwenZhang12 commented Feb 3, 2026

Copy link
Copy Markdown
Contributor Author

This PR adds logging only and is independent of the KPI PR #2913 , but related in purpose.

@YiwenZhang12 YiwenZhang12 changed the title [WIP] add warning log when certs are expired/not yet valid add warning log when certs are expired/not yet valid Feb 3, 2026
Yiwen Zhang added 6 commits February 4, 2026 10:13
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
Signed-off-by: Yiwen Zhang <yiwen_zhang@apple.com>
@codecov

codecov Bot commented Feb 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.78%. Comparing base (5d7d542) to head (a52c18f).

Additional details and impacted files
@@             Coverage Diff              @@
##           unstable    #3153      +/-   ##
============================================
+ Coverage     74.72%   74.78%   +0.06%     
============================================
  Files           129      129              
  Lines         71309    71309              
============================================
+ Hits          53284    53330      +46     
+ Misses        18025    17979      -46     
Files with missing lines Coverage Δ
src/server.c 89.43% <ø> (ø)
src/tls.c 18.75% <ø> (ø)

... and 24 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant