Copilot commented on code in PR #12951:
URL: https://github.com/apache/trafficserver/pull/12951#discussion_r2913469784
##########
src/iocore/net/OCSPStapling.cc:
##########
@@ -1406,10 +1406,15 @@ ssl_callback_ocsp_stapling(SSL *ssl, void *)
time_t current_time = time(nullptr);
if ((cinf->resp_derlen == 0 || cinf->is_expire) || (cinf->expire_time <
current_time && !cinf->is_prefetched)) {
ink_mutex_release(&cinf->stapling_mutex);
- Dbg(dbg_ctl_ssl_ocsp, "ssl_callback_ocsp_stapling: failed to get
certificate status for %s", cinf->certname);
+ Error("ssl_callback_ocsp_stapling: failed to get certificate status for
%s", cinf->certname);
Review Comment:
The log level for "failed to get certificate status" was changed from `Dbg`
to `Error`. This condition is triggered when the OCSP response has expired or
is missing, which can occur frequently in normal operation (e.g., before the
first fetch or during a prefetch cycle). Logging this at `Error` level may
produce excessive noise in production logs. Consider using a warning level
(e.g., `Warning`) instead, to indicate an actionable but non-fatal condition.
```suggestion
Warning("ssl_callback_ocsp_stapling: failed to get certificate status
for %s", cinf->certname);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
