src/hg/utils/hubCheck/hubCheck.c f90dad3fd12f2d38f0407507297343d692a56a48

f90dad3fd12f2d38f0407507297343d692a56a48
galt
  Fri Nov 19 14:42:03 2021 -0800
Adding log setting to httpsCertCheck and making it the new default. This makes it even softer on users, gives us more time to prepare, only logs certs to stderr and only if run as a CGI so that SCRIPT_NAME env var is set. The user does not see anything diffent in behavior and output for log level, but we see cert issues in the log.

diff --git src/hg/utils/hubCheck/hubCheck.c src/hg/utils/hubCheck/hubCheck.c
index ca85837..60f0da0 100644
--- src/hg/utils/hubCheck/hubCheck.c
+++ src/hg/utils/hubCheck/hubCheck.c
@@ -1154,37 +1154,41 @@
 checkOptions->version = version;
 
 char *extraFile = optionVal("extra", NULL);
 if (extraFile != NULL)
     addExtras(extraFile, checkOptions);
 
 cacheTime = optionInt("cacheTime", cacheTime);
 udcSetCacheTimeout(cacheTime);
 // UDC cache dir: first check for hg.conf setting, then override with command line option if given.
 setUdcCacheDir();
 udcSetDefaultDir(optionVal("udcDir", udcDefaultDir()));
 
 char *httpsCertCheck = optionVal("httpsCertCheck", NULL);
 if (httpsCertCheck)
     {
-    if (sameString(httpsCertCheck, "abort") || sameString(httpsCertCheck, "warn") || sameString(httpsCertCheck, "none"))
+    // secretly accept level log for testing, but you only see something if SCRIPT_NAME env variable is set like CGIs have.
+    if (sameString(httpsCertCheck, "abort") || sameString(httpsCertCheck, "warn") || sameString(httpsCertCheck, "log") || sameString(httpsCertCheck, "none"))
 	{
 	setenv("https_cert_check", httpsCertCheck, 1);
 	}
     else
 	{
-	verbose(1, "The value of -httpsCertCheck should be either abort to avoid Man-in-middle attack, warn to warn about failed certs, or none indicating the verify is skipped.");
+	// log level is not very useful, but included it for completeness.
+	verbose(1, "The value of -httpsCertCheck should be either abort to avoid Man-in-middle attack,\n"
+		"warn to warn about failed certs,\n"
+		"none indicating the verify is skipped entirely.");
 	usage();
 	}
     }
 
 knetUdcInstall();  // make the htslib library use udc
 
 if (optionExists("settings"))
     {
     showSettings(checkOptions);
     return 0;
     }
 
 // hgHubConnect specific option for generating a jstree of the hub errors
 checkOptions->htmlOut = optionExists("htmlOut");
 struct dyString *errors = newDyString(1024);