authorJeremy Harris <jgh146exb@wizmail.org>2018-01-07 20:24:46 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-01-07 20:32:03 +0000
commit57887eccbbb5043d2a25777d081f54c870b256c8 (patch)
tree52b9739758f0cecee5f04ccd19e8525783de0738
parent0b8f4f1a0c68bd48a98fb033039bac7d88182b6f (diff)
OpenSSL: better debug info for OCSP
-rw-r--r--src/src/tls-openssl.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7735bd971..e269854ff 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1364,7 +1364,7 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
int status, reason;
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
- DEBUG(D_tls) bp = BIO_new_fp(stderr, BIO_NOCLOSE);
+ DEBUG(D_tls) bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
/*OCSP_RESPONSE_print(bp, rsp, 0); extreme debug: stapling content */
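Review bot: `bp` is assigned only when `D_tls` debugging is enabled, and the result of `BIO_new_fp()` is not checked, yet the verify-failure path in the next hunk passes `bp` unconditionally to `BIO_printf()`, `ERR_print_errors()` and the newly added `OCSP_RESPONSE_print()`. The declaration and release of `bp` lie outside this hunk, so whether it starts as NULL and how those calls treat a NULL BIO cannot be confirmed from here. The new call at least should be guarded, `if (bp) OCSP_RESPONSE_print(bp, rsp, 0);`. A one-line comment at the assignment saying that `bp` stays unset outside TLS debugging would also document the assumption the later calls rely on.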
@@ -1375,10 +1375,12 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
{
tls_out.ocsp = OCSP_FAILED;
- if (LOGGING(tls_cipher))
- log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable");
+ if (LOGGING(tls_cipher)) log_write(0, LOG_MAIN,
+ "Received TLS cert status response, itself unverifiable: %s",
+ ERR_reason_error_string(ERR_peek_error()));
BIO_printf(bp, "OCSP response verify failure\n");
ERR_print_errors(bp);
+ OCSP_RESPONSE_print(bp, rsp, 0);
goto failed;
}
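Review bot: `ERR_reason_error_string()` returns NULL when the error code has no registered reason text or the queue is empty, so the `%s` in the new `log_write()` call can receive a NULL pointer; whether Exim's formatter tolerates that is not visible in this hunk. `ERR_peek_error()` also reports the oldest queued entry, which may be a leftover from an earlier TLS operation if the queue was not cleared before the verify call whose tail opens this hunk. A safer form would be `const char *why = ERR_reason_error_string(ERR_peek_last_error());` followed by logging `why ? why : "unknown reason"`. The peek must stay ahead of `ERR_print_errors(bp)`, which drains the queue, and a short comment saying so would keep a later reorder from silently losing the reason.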
@@ -1810,7 +1812,7 @@ if (expcerts && *expcerts)
)
{
log_write(0, LOG_MAIN|LOG_PANIC,
- "failed to load cert hain from %s", file);
+ "failed to load cert chain from %s", file);
return DEFER;
}
#endif