Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons
that the certificate failed (pre-)verification.
Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-4-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7437
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d572959d35e8920efb8d95d253ededee5d8a34bd)
... | ... |
@@ -63,10 +63,10 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth, |
63 | 63 |
char *subject = x509_get_subject(cert, &gc); |
64 | 64 |
|
65 | 65 |
if (subject) |
66 |
- msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject); |
|
66 |
+ msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, %s", cert_depth, *flags, subject); |
|
67 | 67 |
else |
68 |
- msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 " |
|
69 |
- "subject string from certificate", cert_depth); |
|
68 |
+ msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%x, could not extract X509 " |
|
69 |
+ "subject string from certificate", *flags, cert_depth); |
|
70 | 70 |
|
71 | 71 |
/* Leave flags set to non-zero to indicate that the cert is not ok */ |
72 | 72 |
} |