Fix accidental debug logging in the OCSP helper client (#28450)

* Fix accidental debug logging in the OCSP helper client

* changelog

changelog/28450.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG.
+```

sdk/helper/ocsp/client.go

@@ -612,6 +612,7 @@ func (c *Client) GetRevocationStatus(ctx context.Context, subject, issuer *x509.
 		timeout := defaultOCSPResponderTimeout
 
 		ocspClient := retryablehttp.NewClient()
+		ocspClient.Logger = c.Logger()
 		ocspClient.RetryMax = conf.OcspMaxRetries
 		ocspClient.HTTPClient.Timeout = timeout
 		ocspClient.HTTPClient.Transport = newInsecureOcspTransport(conf.ExtraCas)

sdk/helper/ocsp/ocsp_test.go

@@ -50,15 +50,16 @@ func TestOCSP(t *testing.T) {
 	for _, tgt := range targetURL {
 		c.ocspResponseCache, _ = lru.New2Q(10)
 		for _, tr := range transports {
-			c := &http.Client{
-				Transport: tr,
-				Timeout:   30 * time.Second,
-			}
-			req, err := http.NewRequest("GET", tgt, bytes.NewReader(nil))
+			ocspClient := retryablehttp.NewClient()
+			ocspClient.Logger = c.Logger()
+			ocspClient.RetryMax = conf.OcspMaxRetries
+			ocspClient.HTTPClient.Timeout = 30 * time.Second
+			ocspClient.HTTPClient.Transport = tr
+			req, err := retryablehttp.NewRequest("GET", tgt, bytes.NewReader(nil))
 			if err != nil {
 				t.Fatalf("fail to create a request. err: %v", err)
 			}
-			res, err := c.Do(req)
+			res, err := ocspClient.Do(req)
 			if err != nil {
 				t.Fatalf("failed to GET contents. err: %v", err)
 			}