[Spice-commits] common/ssl_verify.c

Marc-André Lureau elmarco at kemper.freedesktop.org
Fri Oct 19 10:33:10 PDT 2012


 common/ssl_verify.c |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 8543d04cd238638ac54912f29a0990915ff51b6d
Author: Marc-André Lureau <marcandre.lureau at gmail.com>
Date:   Thu Oct 18 21:20:54 2012 +0200

    ssl-verify: use more explicit error message
    
    When the server certificate is not being signed by the provided CA,
    the SSL debug message is currently for example:
    
    ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed
    certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red
    Hat/CN=my CA
    
    Add a more explicit debug message too, as requested in bug:
    
    https://bugzilla.redhat.com/show_bug.cgi?id=846666

diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 6c9deca..e10ed52 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
                 v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY)
                 return 1;
 
+            if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+                spice_debug("server certificate not being signed by the provided CA");
+
             return 0;
         } else
             return 1;
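Review bot: The added check on `err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` covers only one of the ways OpenSSL reports a server certificate that does not chain to the provided CA. A self-signed leaf certificate is reported as X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, and a chain whose issuer is missing from the CA file as X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. Both would still reach `return 0` with only the generic message. Consider handling those codes in the same branch, or switching on `err`, so that the explicit hint is consistent. The string would also read better as "server certificate is not signed by the provided CA". Since this path rejects the connection, a comment explaining why it is logged with `spice_debug` rather than at warning level would help, because users who hit the failure without debug output enabled will not see the hint.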

