degesch: log certificate verification errors

At last, there should be no more serious issues with TLS.
author: Přemysl Janouch <p.janouch@gmail.com> 2015-07-12 06:03:28 +0200
committer: Přemysl Janouch <p.janouch@gmail.com> 2015-07-12 06:03:28 +0200
commit: 88b2200051556a3b268a73f2b9f81e6bec6920f1 (patch)
tree: 9ba6e9495f63c0d40b52eef4e8ff905338b79b3f /degesch.c
parent: c3243c8f502e66d0dc22099392665a62c6b6d48b (diff)
download: xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.gz
xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.xz
xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/degesch.c b/degesch.c
index 70387c4..0ba4880 100644
--- a/degesch.c
+++ b/degesch.c
@@ -3860,6 +3860,13 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 	log_server_status (s, s->buffer, "Certificate subject: #s", subject);
 	log_server_status (s, s->buffer, "Certificate issuer: #s", issuer);
 
+	if (!preverify_ok)
+	{
+		log_server_error (s, s->buffer,
+			"Certificate verification failed: #s",
+			X509_verify_cert_error_string (X509_STORE_CTX_get_error (ctx)));
+	}
+
 	free (subject);
 	free (issuer);
 	return preverify_ok;
author	Přemysl Janouch <p.janouch@gmail.com>	2015-07-12 06:03:28 +0200
committer	Přemysl Janouch <p.janouch@gmail.com>	2015-07-12 06:03:28 +0200
commit	88b2200051556a3b268a73f2b9f81e6bec6920f1 (patch)
tree	9ba6e9495f63c0d40b52eef4e8ff905338b79b3f /degesch.c
parent	c3243c8f502e66d0dc22099392665a62c6b6d48b (diff)
download	xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.gz xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.tar.xz xK-88b2200051556a3b268a73f2b9f81e6bec6920f1.zip