From c36f00be9ebb3dec245cac01efe0827ce237933e Mon Sep 17 00:00:00 2001
From: Andrew Ayer <andrew@sslmate.com>
Date: Thu, 18 Sep 2025 12:50:09 -0400
Subject: [PATCH] Truncate the response body that's returned in error messages
 from logs

---
 ctclient/client.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/ctclient/client.go b/ctclient/client.go
index cbf1c9b..c3b9614 100644
--- a/ctclient/client.go
+++ b/ctclient/client.go
@@ -21,6 +21,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strconv"
 	"time"
 
 	"software.sslmate.com/src/certspotter/cttypes"
@@ -83,7 +84,7 @@ func get(ctx context.Context, httpClient *http.Client, fullURL string) ([]byte,
 	}
 
 	if response.StatusCode != 200 {
-		return nil, fmt.Errorf("Get %q: %s (%q)", fullURL, response.Status, bytes.TrimSpace(responseBody))
+		return nil, fmt.Errorf("Get %q: %s (%s)", fullURL, response.Status, formatResponseBody(responseBody))
 	}
 
 	return responseBody, nil
@@ -152,7 +153,7 @@ func addChainOrPreChain(ctx context.Context, httpClient *http.Client, logURL *ur
 	}
 
 	if response.StatusCode != 200 {
-		return nil, fmt.Errorf("Post %q: %s (%q)", fullURL, response.Status, bytes.TrimSpace(responseBody))
+		return nil, fmt.Errorf("Post %q: %s (%s)", fullURL, response.Status, formatResponseBody(responseBody))
 	}
 
 	sct := new(cttypes.SignedCertificateTimestamp)
@@ -162,3 +163,13 @@ func addChainOrPreChain(ctx context.Context, httpClient *http.Client, logURL *ur
 
 	return sct, nil
 }
+
+func formatResponseBody(body []byte) string {
+	const maxLen = 200
+	body = bytes.TrimSpace(body)
+	if len(body) > maxLen {
+		return strconv.QuoteToASCII(string(body[:maxLen])) + "..."
+	} else {
+		return strconv.QuoteToASCII(string(body))
+	}
+}