From d572959d35e8920efb8d95d253ededee5d8a34bd Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Fri, 22 Mar 2013 09:54:22 +0100
Subject: Improve verify_callback messages

Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons
that the certificate failed (pre-)verification.

Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-4-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7437
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/ssl_verify_polarssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/openvpn/ssl_verify_polarssl.c')

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 653248f..5db4f02 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -63,10 +63,10 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth,
       char *subject = x509_get_subject(cert, &gc);
 
       if (subject)
-	msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject);
+	msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, %s", cert_depth, *flags, subject);
       else
-	msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
-	      "subject string from certificate", cert_depth);
+	msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, could not extract X509 "
+	      "subject string from certificate", *flags, cert_depth);
 
       /* Leave flags set to non-zero to indicate that the cert is not ok */
     }
-- 
cgit