From: Steffan Karger <steffan.kar...@fox-it.com> Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons that the certificate failed (pre-)verification.
Signed-off-by: Joachim Schipper <joachim.schip...@fox-it.com> --- src/openvpn/ssl_verify_polarssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c index a32db8d..79255cb 100644 --- a/src/openvpn/ssl_verify_polarssl.c +++ b/src/openvpn/ssl_verify_polarssl.c @@ -64,10 +64,10 @@ verify_callback (void *session_obj, x509_cert *cert, int cert_depth, char *subject = x509_get_subject(cert, &gc); if (subject) - msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject); + msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%0x, %s", cert_depth, *flags, subject); else - msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 " - "subject string from certificate", cert_depth); + msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%0x, could not extract X509 " + "subject string from certificate", *flags, cert_depth); goto cleanup; } -- 1.7.9.5