Log more debugging info about certs in Rust

jduo · jduo · commit 7d39c5a4cab5 · 2025-11-05T16:17:13.000-08:00
Signed-off-by: James Duong &lt;duong.james@gmail.com&gt;
diff --git a/glide-core/redis-rs/redis/src/connection.rs b/glide-core/redis-rs/redis/src/connection.rs
@@ -606,6 +606,19 @@ impl ActualConnection {
                 ref tls_params,
             } => {
                 let host: &str = host;
+                
+                // DEBUG: Log TLS connection attempt
+                println!("CLUSTER TLS DEBUG: Creating TLS connection to {}:{}", host, port);
+                if let Some(ref params) = tls_params {
+                    if let Some(ref store) = params.root_cert_store {
+                        println!("CLUSTER TLS DEBUG: Root cert store has {} certificates", store.len());
+                    } else {
+                        println!("CLUSTER TLS DEBUG: No root cert store");
+                    }
+                } else {
+                    println!("CLUSTER TLS DEBUG: No TLS params for {}:{}", host, port);
+                }
+                
                 let config = create_rustls_config(insecure, tls_params.as_ref().cloned())?;
                 let server_name = rustls_pki_types::ServerName::try_from(host)
                     .map_err(|e| {
diff --git a/glide-core/src/client/mod.rs b/glide-core/src/client/mod.rs
@@ -1191,6 +1191,8 @@ async fn create_cluster_client(
         println!("CLUSTER TLS DEBUG: Certificate stream length: {}", combined_certs.len());
         println!("CLUSTER TLS DEBUG: First 50 bytes: {:?}", 
             combined_certs.iter().take(50).collect::<Vec<_>>());
+        println!("CLUSTER TLS DEBUG: Last 50 bytes: {:?}", 
+            combined_certs.iter().rev().take(50).collect::<Vec<_>>());
         
         let tls_certs = TlsCertificates {
             client_tls: None,
@@ -1204,7 +1206,17 @@ async fn create_cluster_client(
     let initial_nodes: Vec<_> = request
         .addresses
         .into_iter()
-        .map(|address| {
+        .enumerate()
+        .map(|(i, address)| {
+            // DEBUG: Log certificate data for each address
+            if let Some(ref params) = tls_params {
+                println!("CLUSTER TLS DEBUG: Address {}: {}:{} - TLS params present", 
+                    i, address.host, get_port(&address));
+            } else {
+                println!("CLUSTER TLS DEBUG: Address {}: {}:{} - No TLS params", 
+                    i, address.host, get_port(&address));
+            }
+            
             get_connection_info(
                 &address,
                 tls_mode,
diff --git a/utils/remote_cluster_manager.py b/utils/remote_cluster_manager.py
@@ -467,6 +467,11 @@ def start_cluster(
                                     cert_content = f.read()
                                     logging.info(f"Certificate {remote_name} length: {len(cert_content)} bytes")
                                     logging.info(f"Certificate {remote_name} first 100 bytes: {cert_content[:100]}")
+                                    logging.info(f"Certificate {remote_name} last 100 bytes: {cert_content[-100:]}")
+                                    
+                                    # Print as hex for exact comparison with Rust output
+                                    hex_first = ' '.join(f'{b:02x}' for b in cert_content[:50])
+                                    logging.info(f"Certificate {remote_name} first 50 bytes hex: {hex_first}")
                                     
                                     # Verify it's valid PEM
                                     if b'-----BEGIN' in cert_content and b'-----END' in cert_content:
@@ -964,6 +969,26 @@ def test_certificates_on_server(self, endpoints: List[str]) -> None:
                 if line.strip():
                     logging.info(f"  {line}")
         
+        # Print raw certificate content for comparison
+        cert_content_cmd = f"cd {self.remote_repo_path}/utils && wc -c tls_crts/ca.crt && head -c 100 tls_crts/ca.crt && echo && tail -c 100 tls_crts/ca.crt"
+        returncode, stdout, stderr = self._execute_remote_command(cert_content_cmd, timeout=5)
+        
+        if returncode == 0:
+            logging.info("Server certificate raw content:")
+            for line in stdout.split('\n'):
+                if line.strip():
+                    logging.info(f"  {line}")
+        
+        # Print certificate as hex for exact comparison
+        cert_hex_cmd = f"cd {self.remote_repo_path}/utils && xxd -l 100 tls_crts/ca.crt"
+        returncode, stdout, stderr = self._execute_remote_command(cert_hex_cmd, timeout=5)
+        
+        if returncode == 0:
+            logging.info("Server certificate hex (first 100 bytes):")
+            for line in stdout.split('\n'):
+                if line.strip():
+                    logging.info(f"  {line}")
+        
         # Test with a simple Rust program on server
         rust_test_program = '''
 use std::fs;
