aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Janouch <p.janouch@gmail.com>2015-07-12 06:03:28 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2015-07-12 06:03:28 +0200
commit88b2200051556a3b268a73f2b9f81e6bec6920f1 (patch)
tree9ba6e9495f63c0d40b52eef4e8ff905338b79b3f
parentc3243c8f502e66d0dc22099392665a62c6b6d48b (diff)
downloadxK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.gz
xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.xz
xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.zip
degesch: log certificate verification errors
At last, there should be no more serious issues with TLS.
-rw-r--r--degesch.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/degesch.c b/degesch.c
index 70387c4..0ba4880 100644
--- a/degesch.c
+++ b/degesch.c
@@ -3860,6 +3860,13 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
log_server_status (s, s->buffer, "Certificate subject: #s", subject);
log_server_status (s, s->buffer, "Certificate issuer: #s", issuer);
+ if (!preverify_ok)
+ {
+ log_server_error (s, s->buffer,
+ "Certificate verification failed: #s",
+ X509_verify_cert_error_string (X509_STORE_CTX_get_error (ctx)));
+ }
+
free (subject);
free (issuer);
return preverify_ok;