37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
From 89474b9f712f46ff7f69e92f17f932cc1c977f52 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
Date: Tue, 23 Oct 2012 17:46:22 +0300
|
|
Subject: [PATCH 21/21] ssl-verify: use more explicit error message
|
|
|
|
When the server certificate is not being signed by the provided CA,
|
|
the SSL debug message is currently for example:
|
|
|
|
ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed
|
|
certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red
|
|
Hat/CN=my CA
|
|
|
|
Add a more explicit debug message too, as requested in bug:
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=846666
|
|
---
|
|
spice-common/common/ssl_verify.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/spice-common/common/ssl_verify.c b/spice-common/common/ssl_verify.c
|
|
index 6c9deca..e10ed52 100644
|
|
--- a/spice-common/common/ssl_verify.c
|
|
+++ b/spice-common/common/ssl_verify.c
|
|
@@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
|
|
v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY)
|
|
return 1;
|
|
|
|
+ if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
|
|
+ spice_debug("server certificate not being signed by the provided CA");
|
|
+
|
|
return 0;
|
|
} else
|
|
return 1;
|
|
--
|
|
1.7.12.1
|
|
|