diff options
author | Marc-André Lureau <marcandre.lureau@gmail.com> | 2012-10-18 21:20:54 +0200 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@gmail.com> | 2012-10-18 21:20:54 +0200 |
commit | 8543d04cd238638ac54912f29a0990915ff51b6d (patch) | |
tree | 73088c7f92c3d82924f86ab55a1ec1bfae67c3ec /common/ssl_verify.c | |
parent | 222607814fde8d42bd1b08ad4aaf8439e729c593 (diff) | |
download | spice-common-8543d04cd238638ac54912f29a0990915ff51b6d.tar.gz spice-common-8543d04cd238638ac54912f29a0990915ff51b6d.tar.xz spice-common-8543d04cd238638ac54912f29a0990915ff51b6d.zip |
ssl-verify: use more explicit error message
When the server certificate is not being signed by the provided CA,
the SSL debug message is currently for example:
ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed
certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red
Hat/CN=my CA
Add a more explicit debug message too, as requested in bug:
https://bugzilla.redhat.com/show_bug.cgi?id=846666
Diffstat (limited to 'common/ssl_verify.c')
-rw-r--r-- | common/ssl_verify.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/common/ssl_verify.c b/common/ssl_verify.c index 6c9deca..e10ed52 100644 --- a/common/ssl_verify.c +++ b/common/ssl_verify.c @@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx) v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY) return 1; + if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) + spice_debug("server certificate not being signed by the provided CA"); + return 0; } else return 1; |