From acc446b803e0ef02faadab63cc0071b86a5e516c Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Tue, 24 Sep 2024 09:46:53 +0800
Subject: [PATCH] log

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 verifier/verifier.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/verifier/verifier.go b/verifier/verifier.go
index 0b62904e..17e5cfb2 100644
--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -816,7 +816,14 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult,
 		}
 		for _, serverResult := range certResult.ServerResults {
 			if serverResult.Error != nil {
-				// log the revocation error
+				// log individual server errors
+				if certResult.RevocationMethod == revocationresult.RevocationMethodOCSPFallbackCRL && serverResult.RevocationMethod == revocationresult.RevocationMethodOCSP {
+					// when the final revocation method is OCSPFallbackCRL,
+					// the OCSP server results should not be logged as an error
+					// since the CRL revocation check can succeed.
+					logger.Debugf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject.String(), revocationresult.RevocationMethodOCSP, serverResult.Server, serverResult.Error)
+					continue
+				}
 				logger.Errorf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject.String(), serverResult.RevocationMethod, serverResult.Server, serverResult.Error)
 			}
 		}