Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r--src/openvpn/ssl_verify_polarssl.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 2edf21d..4852243 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -373,6 +373,8 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
{
result_t retval = FAILURE;
x509_crl crl = {0};
+ struct gc_arena gc = gc_new();
+ char *serial;
int polar_retval = x509_crl_parse_file(&crl, crl_file);
if (polar_retval != 0)
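Review bot: `char *serial;` is declared uninitialized at function scope, although its only visible use is inside the revoked branch of the next hunk. Declaring it in that branch, `char *serial = backend_x509_get_serial_hex(cert, &gc);`, or at least writing `char *serial = NULL;` here, keeps a later edit from reading an indeterminate pointer. The body of x509_verify_crl continues outside this hunk, so any other use of `serial` cannot be checked from here.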
@@ -394,7 +396,8 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
if (0 != x509_crt_revoked(cert, &crl))
{
- msg (D_HANDSHAKE, "CRL CHECK FAILED: %s is REVOKED", subject);
+ serial = backend_x509_get_serial_hex(cert, &gc);
+ msg (D_HANDSHAKE, "CRL CHECK FAILED: %s (serial %s) is REVOKED", subject, (serial ? serial : "NOT AVAILABLE"));
goto end;
}
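Review bot: The new msg() call is a single over-long line, and nothing documents that `serial` is owned by `gc`. A comment above the lookup such as `/* serial is allocated from gc; released by gc_free() at end: */` would state the lifetime, and the arguments can be wrapped after the format string. The NULL fallback to "NOT AVAILABLE" should stay, since the helper's failure behaviour is not visible in this hunk. For anyone matching this log line against CRL entries, a serial identifies a certificate only together with its issuer. If more than one CA can reach this check, which is not visible here, the message may need the issuer as well.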
@@ -402,6 +405,7 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
msg (D_HANDSHAKE, "CRL CHECK OK: %s",subject);
end:
+ gc_free(&gc);
x509_crl_free(&crl);
return retval;
}