ssl-verify: use more explicit error message

When the server certificate is not being signed by the provided CA, the SSL debug message is currently for example: ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red Hat/CN=my CA Add a more explicit debug message too, as requested in bug: https://bugzilla.redhat.com/show_bug.cgi?id=846666
author: Marc-André Lureau <marcandre.lureau@gmail.com> 2012-10-18 21:20:54 +0200
committer: Marc-André Lureau <marcandre.lureau@gmail.com> 2012-10-18 21:20:54 +0200
commit: 8543d04cd238638ac54912f29a0990915ff51b6d (patch)
tree: 73088c7f92c3d82924f86ab55a1ec1bfae67c3ec
parent: 222607814fde8d42bd1b08ad4aaf8439e729c593 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 6c9deca..e10ed52 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
                 v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY)
                 return 1;
 
+            if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+                spice_debug("server certificate not being signed by the provided CA");
+
             return 0;
         } else
             return 1;
author	Marc-André Lureau <marcandre.lureau@gmail.com>	2012-10-18 21:20:54 +0200
committer	Marc-André Lureau <marcandre.lureau@gmail.com>	2012-10-18 21:20:54 +0200
commit	8543d04cd238638ac54912f29a0990915ff51b6d (patch)
tree	73088c7f92c3d82924f86ab55a1ec1bfae67c3ec
parent	222607814fde8d42bd1b08ad4aaf8439e729c593 (diff)