diff options
author | Steffan Karger <steffan.karger@fox-it.com> | 2013-03-22 09:54:22 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2013-03-22 16:58:22 +0100 |
commit | b3ac0bc2ad962b2968939e0e03e888c0d4193114 (patch) | |
tree | ff2d7b4f8acc3be4908f6fac3b9251da01333859 /src/openvpn/ssl_verify_polarssl.c | |
parent | bf71c15a2f3ccb0acc6360dfbe071f6bcbf71538 (diff) | |
download | openvpn-b3ac0bc2ad962b2968939e0e03e888c0d4193114.tar.gz openvpn-b3ac0bc2ad962b2968939e0e03e888c0d4193114.tar.xz openvpn-b3ac0bc2ad962b2968939e0e03e888c0d4193114.zip |
Improve verify_callback messages
Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons
that the certificate failed (pre-)verification.
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-4-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7437
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d572959d35e8920efb8d95d253ededee5d8a34bd)
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r-- | src/openvpn/ssl_verify_polarssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c index 653248f..5db4f02 100644 --- a/src/openvpn/ssl_verify_polarssl.c +++ b/src/openvpn/ssl_verify_polarssl.c @@ -63,10 +63,10 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth, char *subject = x509_get_subject(cert, &gc); if (subject) - msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject); + msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, %s", cert_depth, *flags, subject); else - msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 " - "subject string from certificate", cert_depth); + msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, could not extract X509 " + "subject string from certificate", *flags, cert_depth); /* Leave flags set to non-zero to indicate that the cert is not ok */ } |