[Spice-devel] [spice-common 1/3] ssl: Improve error message in cert chain verification
Christophe Fergeau
cfergeau at redhat.com
Fri Sep 20 08:07:34 PDT 2013
It contains the same information as before, but should be more readable.
---
common/ssl_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index e10ed52..d4b89f0 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -424,8 +424,8 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
err = X509_STORE_CTX_get_error(ctx);
if (depth > 0) {
if (!preverify_ok) {
- spice_warning("openssl verify:num=%d:%s:depth=%d:%s", err,
- X509_verify_cert_error_string(err), depth, buf);
+ spice_warning("Error in certificate chain verification: %s (num=%d:depth%d:%s)",
+ X509_verify_cert_error_string(err), err, depth, buf);
v->all_preverify_ok = 0;
/* if certificate verification failed, we can still authorize the server */
--
1.8.3.1
More information about the Spice-devel
mailing list