Conversation
Add 3 debug log calls to the GenerateSelfSignedTLS function in internal/proxy/tls.go to improve observability during TLS certificate generation: - Log CA certificate creation with serial number and validity period - Log server certificate creation with DNS names and IP addresses - Log certificate file paths after writing all three PEM files - Log successful TLS key pair loading These intermediate checkpoints complement the existing entry/exit logs, making it easier to pinpoint where certificate generation fails during troubleshooting (e.g. key generation vs cert signing vs file I/O vs key-pair loading). Co-authored-by: Copilot <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds additional debug-level checkpoint logging inside GenerateSelfSignedTLS to make it easier to diagnose where self-signed TLS generation fails.
Changes:
- Log CA certificate creation details (serial + validity window).
- Log server certificate creation details (SAN DNS names + IPs).
- Log completion of PEM writes and successful keypair load.
Show a summary per file
| File | Description |
|---|---|
internal/proxy/tls.go |
Adds intermediate logTLS debug statements across cert creation, file write, and keypair load steps. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
Comment on lines
+101
to
+102
| logTLS.Printf("CA certificate created: serial=%s, notBefore=%s, notAfter=%s", | ||
| caSerial.String(), notBefore.Format(time.RFC3339), notAfter.Format(time.RFC3339)) |
There was a problem hiding this comment.
PR description says this adds 3 new debug log calls (and 6 total), but the code adds 4 new log statements (CA created, server cert created, PEM files written, key pair loaded) for 6→? total. Please update the PR summary/table and line-count notes to match the actual change set to avoid confusion for reviewers/changelog.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds 3 debug log calls to
GenerateSelfSignedTLSininternal/proxy/tls.gousing the existinglogTLSlogger (logger.New("proxy:tls")).Changes
The function already logged at entry and completion. This PR adds intermediate checkpoints:
logTLS.Printf("CA certificate created: serial=%s, notBefore=%s, notAfter=%s", ...)logTLS.Printf("server certificate created: dnsNames=%v, ipAddresses=%v", ...)logTLS.Printf("TLS certificate files written: caCert=%s, cert=%s, key=%s", ...)logTLS.Print("TLS key pair loaded successfully")Why This Helps
GenerateSelfSignedTLSperforms several distinct operations (key generation, cert signing, file I/O, key-pair loading) where any step can fail independently. Without intermediate logging, a failure at "failed to load server cert pair" gives no indication whether the issue is in the key generation, cert creation, or file writing phases. The new logs pinpoint exactly how far the function progressed before failing.Logging Guidelines Followed
logTLSlogger — no duplicate declarationPrintfused for structured data (serial, SANs, file paths)Printused for simple state confirmationsFiles Changed
internal/proxy/tls.go— 5 lines added (3 log calls + 1 newline separation)