Allow detailed SSL/TLS handshake error reporting
From the documentation section 8.2.5, Error log format, it seems the error log format is fixed (HAProxy version 2.1.0).
That complicates logging and debugging of TLS client certificate errors, because in case of any error it does not log any details about the client certificate.
For example:
10.2.0.41:56102 [14/Jun/2020:20:13:28.293] grpc_bk/1: SSL client certificate not trusted
What I would like to know:
- Which certificate was used (DN, SHA-1, serial, issuer)?
- Other handshake details such as the TLS version, key exchange, cipher, etc.
Hence, hereby a feature request to either make the error log format configurable or add the above-mentioned details to the TLS error messages.