[exim-cvs] Better logging of OCSP fails

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Better logging of OCSP fails
Gitweb: http://git.exim.org/exim.git/commitdiff/1eca31ca1f8ce70e589b305048bacd81cf6e1ae4
Commit:     1eca31ca1f8ce70e589b305048bacd81cf6e1ae4
Parent:     a4b62fcfa0fc6c06d453ffbe0a6fb43788d41fa1
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 4 16:03:39 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Aug 4 16:03:39 2014 +0100


    Better logging of OCSP fails
---
 src/src/tls-openssl.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 18994ea..e562a89 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -888,7 +888,7 @@ if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
  {
   tls_out.ocsp = OCSP_FAILED;
   if (log_extra_selector & LX_tls_cipher)
-    log_write(0, LOG_MAIN, "Received TLS status response, parse error");
+    log_write(0, LOG_MAIN, "Received TLS cert status response, parse error");
   else
     DEBUG(D_tls) debug_printf(" parse error\n");
   return 0;
@@ -898,7 +898,7 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
   {
   tls_out.ocsp = OCSP_FAILED;
   if (log_extra_selector & LX_tls_cipher)
-    log_write(0, LOG_MAIN, "Received TLS status response, error parsing response");
+    log_write(0, LOG_MAIN, "Received TLS cert status response, error parsing response");
   else
     DEBUG(D_tls) debug_printf(" error parsing response\n");
   OCSP_RESPONSE_free(rsp);
@@ -928,6 +928,8 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
           cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
       {
       tls_out.ocsp = OCSP_FAILED;
+      if (log_extra_selector & LX_tls_cipher)
+    log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable");
       BIO_printf(bp, "OCSP response verify failure\n");
       ERR_print_errors(bp);
       i = cbinfo->u_ocsp.client.verify_required ? 0 : 1;