Gitweb:
http://git.exim.org/exim.git/commitdiff/1eca31ca1f8ce70e589b305048bacd81cf6e1ae4
Commit: 1eca31ca1f8ce70e589b305048bacd81cf6e1ae4
Parent: a4b62fcfa0fc6c06d453ffbe0a6fb43788d41fa1
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 4 16:03:39 2014 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Mon Aug 4 16:03:39 2014 +0100
Better logging of OCSP fails
---
src/src/tls-openssl.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 18994ea..e562a89 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -888,7 +888,7 @@ if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
{
tls_out.ocsp = OCSP_FAILED;
if (log_extra_selector & LX_tls_cipher)
- log_write(0, LOG_MAIN, "Received TLS status response, parse error");
+ log_write(0, LOG_MAIN, "Received TLS cert status response, parse error");
else
DEBUG(D_tls) debug_printf(" parse error\n");
return 0;
@@ -898,7 +898,7 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
{
tls_out.ocsp = OCSP_FAILED;
if (log_extra_selector & LX_tls_cipher)
- log_write(0, LOG_MAIN, "Received TLS status response, error parsing response");
+ log_write(0, LOG_MAIN, "Received TLS cert status response, error parsing response");
else
DEBUG(D_tls) debug_printf(" error parsing response\n");
OCSP_RESPONSE_free(rsp);
@@ -928,6 +928,8 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
{
tls_out.ocsp = OCSP_FAILED;
+ if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable");
BIO_printf(bp, "OCSP response verify failure\n");
ERR_print_errors(bp);
i = cbinfo->u_ocsp.client.verify_required ? 0 : 1;
