Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r-- | src/openvpn/ssl_verify_polarssl.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 2edf21d..4852243 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -373,6 +373,8 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
 {
 result_t retval = FAILURE;
 x509_crl crl = {0};
+ struct gc_arena gc = gc_new();
+ char *serial;
 int polar_retval = x509_crl_parse_file(&crl, crl_file);
 if (polar_retval != 0)
@@ -394,7 +396,8 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
 if (0 != x509_crt_revoked(cert, &crl))
 {
- msg (D_HANDSHAKE, "CRL CHECK FAILED: %s is REVOKED", subject);
+ serial = backend_x509_get_serial_hex(cert, &gc);
+ msg (D_HANDSHAKE, "CRL CHECK FAILED: %s (serial %s) is REVOKED", subject, (serial ? serial : "NOT AVAILABLE"));
 goto end;
 }
@@ -402,6 +405,7 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
 msg (D_HANDSHAKE, "CRL CHECK OK: %s",subject);
 end:
+ gc_free(&gc);
 x509_crl_free(&crl);
 return retval;
 } |
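Review bot: `char *serial;` in the first hunk is declared uninitialised at function scope, although it is only assigned and read inside the revoked branch of the second hunk. Declaring it at the top of that branch, `char *serial = backend_x509_get_serial_hex(cert, &gc);`, keeps an indeterminate pointer out of the rest of x509_verify_crl, so a later edit cannot pass it to msg() before it is assigned. The function body continues between and beyond the hunks, so the other paths to `end:` are not visible here.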
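Review bot: The revoked-certificate message in the second hunk changes from `%s is REVOKED` to `%s (serial %s) is REVOKED`, and nothing visible here tells people who match on this log line. Log filters or alert rules anchored on the old text, subject immediately followed by `is REVOKED`, will stop firing, so the new format deserves a changelog entry. I would also add a comment above the call, `/* serial is allocated from gc and freed at end:; may be NULL */`, because the NULL fallback is otherwise the only hint about the helper's return contract. Whether the other crypto backend prints the serial in the same format is not visible in this diff; confirm it so both backends emit the same line.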