diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl_verify_openssl.c | 4 | ||||
-rw-r--r-- | src/openvpn/ssl_verify_polarssl.c | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 2482eaa..cbcff02 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -591,12 +591,12 @@ x509_verify_crl(const char *crl_file, X509 *peer_cert, const char *subject) in = BIO_new_file (crl_file, "r"); if (in == NULL) { - msg (M_ERR, "CRL: cannot read: %s", crl_file); + msg (M_WARN, "CRL: cannot read: %s", crl_file); goto end; } crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); if (crl == NULL) { - msg (M_ERR, "CRL: cannot read CRL from file %s", crl_file); + msg (M_WARN, "CRL: cannot read CRL from file %s", crl_file); goto end; } diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c index 7e8b517..2b7c214 100644 --- a/src/openvpn/ssl_verify_polarssl.c +++ b/src/openvpn/ssl_verify_polarssl.c @@ -371,9 +371,12 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject) result_t retval = FAILURE; x509_crl crl = {0}; - if (x509_crl_parse_file(&crl, crl_file) != 0) + int polar_retval = x509_crl_parse_file(&crl, crl_file); + if (polar_retval != 0) { - msg (M_ERR, "CRL: cannot read CRL from file %s", crl_file); + char errstr[128]; + polarssl_strerror(polar_retval, errstr, sizeof(errstr)); + msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr); goto end; } |