[Spice-devel] [PATCH spice-common] ssl-verify: use more explicit error message
Marc-André Lureau
marcandre.lureau at gmail.com
Thu Oct 18 12:23:12 PDT 2012
When the server certificate is not being signed by the provided CA,
the SSL debug message is currently for example:
ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed
certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red
Hat/CN=my CA
Add a more explicit debug message too, as requested in bug:
https://bugzilla.redhat.com/show_bug.cgi?id=846666
---
common/ssl_verify.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 6c9deca..e10ed52 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY)
return 1;
+ if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+ spice_debug("server certificate not being signed by the provided CA");
+
return 0;
} else
return 1;
--
1.7.11.7
More information about the Spice-devel
mailing list