authorJeremy Harris <jgh146exb@wizmail.org>2014-08-11 17:10:12 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-08-11 17:10:12 +0100
commit2acad458c10bee63c168a7b16fc26f1b1e448bbd (patch)
tree58347ebaccfae131c410747101086de45c29f4f4
parenta612424f526dbe6a0bde0658cf104b41a8458d05 (diff)
parent1eca31ca1f8ce70e589b305048bacd81cf6e1ae4 (diff)
Better logging of OCSP fails
-rw-r--r--src/src/tls-openssl.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 18994eaa9..e562a8926 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -888,7 +888,7 @@ if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
{
tls_out.ocsp = OCSP_FAILED;
if (log_extra_selector & LX_tls_cipher)
- log_write(0, LOG_MAIN, "Received TLS status response, parse error");
+ log_write(0, LOG_MAIN, "Received TLS cert status response, parse error");
else
DEBUG(D_tls) debug_printf(" parse error\n");
return 0;
@@ -898,7 +898,7 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
{
tls_out.ocsp = OCSP_FAILED;
if (log_extra_selector & LX_tls_cipher)
- log_write(0, LOG_MAIN, "Received TLS status response, error parsing response");
+ log_write(0, LOG_MAIN, "Received TLS cert status response, error parsing response");
else
DEBUG(D_tls) debug_printf(" error parsing response\n");
OCSP_RESPONSE_free(rsp);
@@ -928,6 +928,8 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
{
tls_out.ocsp = OCSP_FAILED;
+ if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable");
BIO_printf(bp, "OCSP response verify failure\n");
ERR_print_errors(bp);
i = cbinfo->u_ocsp.client.verify_required ? 0 : 1;
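Review bot: The added `log_write` in the verify-failure branch is gated on `log_extra_selector & LX_tls_cipher`, so with that selector off a stapled response that fails verification leaves no main-log entry, and when `verify_required` is false the code still sets `i = 1` and, it appears, lets the handshake proceed. Since this is a certificate-status failure rather than cipher detail, consider logging it unconditionally, or at least whenever verification is not required. The message also carries no reason; if `log_write` takes a printf-style format, something like `log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable: %s", ERR_error_string(ERR_peek_error(), NULL));` would record the OpenSSL error without draining the queue before `ERR_print_errors(bp)`. The same selector gating applies to the parse-error branches in the two earlier hunks, and the enclosing block starts and ends outside this hunk.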