summaryrefslogtreecommitdiffstats
path: root/src/openvpn/ssl_verify_polarssl.c
diff options
context:
space:
mode:
authorSteffan Karger <steffan.karger@fox-it.com>2013-03-22 09:54:22 +0100
committerGert Doering <gert@greenie.muc.de>2013-03-22 16:54:32 +0100
commitd572959d35e8920efb8d95d253ededee5d8a34bd (patch)
tree52de8e083ea3e57c490730e343b8c82e74e3f438 /src/openvpn/ssl_verify_polarssl.c
parent0219f115f3a2711d5c51457d6e97d6930916653b (diff)
downloadopenvpn-d572959d35e8920efb8d95d253ededee5d8a34bd.tar.gz
openvpn-d572959d35e8920efb8d95d253ededee5d8a34bd.tar.xz
openvpn-d572959d35e8920efb8d95d253ededee5d8a34bd.zip
Improve verify_callback messages
Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons that the certificate failed (pre-)verification. Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1363942465-3251-4-git-send-email-steffan.karger@fox-it.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/7437 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r--src/openvpn/ssl_verify_polarssl.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 653248f..5db4f02 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -63,10 +63,10 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth,
char *subject = x509_get_subject(cert, &gc);
if (subject)
- msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject);
+ msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, %s", cert_depth, *flags, subject);
else
- msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
- "subject string from certificate", cert_depth);
+ msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, could not extract X509 "
+ "subject string from certificate", *flags, cert_depth);
/* Leave flags set to non-zero to indicate that the cert is not ok */
}
generated by cgit (git 2.34.1) at 2024-05-03 02:04:12 +0000