[Spice-devel] [spice-common 1/3] ssl: Improve error message in cert chain verification
Uri Lublin
uril at redhat.com
Wed Oct 9 12:24:44 CEST 2013
On 09/20/2013 06:07 PM, Christophe Fergeau wrote:
> It contains the same information as before, but should be more readable.
> ---
> common/ssl_verify.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/common/ssl_verify.c b/common/ssl_verify.c
> index e10ed52..d4b89f0 100644
> --- a/common/ssl_verify.c
> +++ b/common/ssl_verify.c
> @@ -424,8 +424,8 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
> err = X509_STORE_CTX_get_error(ctx);
> if (depth > 0) {
> if (!preverify_ok) {
> - spice_warning("openssl verify:num=%d:%s:depth=%d:%s", err,
> - X509_verify_cert_error_string(err), depth, buf);
> + spice_warning("Error in certificate chain verification: %s (num=%d:depth%d:%s)",
> + X509_verify_cert_error_string(err), err, depth, buf);
> v->all_preverify_ok = 0;
>
> /* if certificate verification failed, we can still authorize the server */
Ack series.
More information about the Spice-devel
mailing list