diff --git a/sgfw/socks_server_chain.go b/sgfw/socks_server_chain.go index 05ba9d5..990d7be 100644 --- a/sgfw/socks_server_chain.go +++ b/sgfw/socks_server_chain.go @@ -410,15 +410,19 @@ func (c *socksChainSession) forwardTraffic(tls bool) { } if err != nil { + x509ValidationError := STR_REDACTED + if !FirewallConfig.LogRedact { + x509ValidationError = err.Error() + } if c.pinfo.Sandbox != "" { - log.Errorf("TLSGuard violation: Dropping traffic from %s (sandbox: %s) to %s: %v", c.pinfo.ExePath, c.pinfo.Sandbox, dest, err) + log.Errorf("TLSGuard violation: Dropping traffic from %s (sandbox: %s) to %s: %s", c.pinfo.ExePath, c.pinfo.Sandbox, dest, x509ValidationError) } else { - log.Errorf("TLSGuard violation: Dropping traffic from %s (unsandboxed) to %s: %v", c.pinfo.ExePath, dest, err) + log.Errorf("TLSGuard violation: Dropping traffic from %s (unsandboxed) to %s: %s", c.pinfo.ExePath, dest, x509ValidationError) } return - } else { + } /*else { log.Notice("TLSGuard approved certificate presented for connection to: ", dest) - } + } */ } var wg sync.WaitGroup