From 00dac0c030ed805c89ab9564e198cec9a2ec1e58 Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Wed, 13 Nov 2024 22:20:13 +0100
Subject: [PATCH] add logging for ssl cert/key and cafile

---
 radicale/server.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/radicale/server.py b/radicale/server.py
index 497d492e..9cf6af8f 100644
--- a/radicale/server.py
+++ b/radicale/server.py
@@ -185,6 +185,7 @@ class ParallelHTTPSServer(ParallelHTTPServer):
                     "(%s)" % (type_name, name, "server", source, filename,
                               e)) from e
         context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+        logger.info("SSL load files certificate='%s' key='%s'", certfile, keyfile)
         context.load_cert_chain(certfile=certfile, keyfile=keyfile)
         if protocol:
             logger.info("SSL set explicit protocol: '%s'", protocol)
@@ -204,6 +205,7 @@ class ParallelHTTPSServer(ParallelHTTPServer):
             cipherlist.append(entry["name"])
         logger.info("SSL accepted ciphers: %s", ' '.join(cipherlist))
         if cafile:
+            logger.info("SSL enable mandatory client certificate verification using CA file='%s'", cafile)
             context.load_verify_locations(cafile=cafile)
             context.verify_mode = ssl.CERT_REQUIRED
         self.socket = context.wrap_socket(