From 88b2200051556a3b268a73f2b9f81e6bec6920f1 Mon Sep 17 00:00:00 2001
From: Přemysl Janouch <p.janouch@gmail.com>
Date: Sun, 12 Jul 2015 06:03:28 +0200
Subject: degesch: log certificate verification errors

At last, there should be no more serious issues with TLS.
---
 degesch.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/degesch.c b/degesch.c
index 70387c4..0ba4880 100644
--- a/degesch.c
+++ b/degesch.c
@@ -3860,6 +3860,13 @@ transport_tls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 	log_server_status (s, s->buffer, "Certificate subject: #s", subject);
 	log_server_status (s, s->buffer, "Certificate issuer: #s", issuer);
 
+	if (!preverify_ok)
+	{
+		log_server_error (s, s->buffer,
+			"Certificate verification failed: #s",
+			X509_verify_cert_error_string (X509_STORE_CTX_get_error (ctx)));
+	}
+
 	free (subject);
 	free (issuer);
 	return preverify_ok;
-- 
cgit v1.2.3-70-g09d2