ACK (I don't know if the error message is fully accurate, but this can be improved on later) Christophe On Thu, Oct 18, 2012 at 09:23:12PM +0200, Marc-André Lureau wrote: > When the server certificate is not being signed by the provided CA, > the SSL debug message is currently for example: > > ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed > certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red > Hat/CN=my CA > > Add a more explicit debug message too, as requested in bug: > > https://bugzilla.redhat.com/show_bug.cgi?id=846666 > --- > common/ssl_verify.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/common/ssl_verify.c b/common/ssl_verify.c > index 6c9deca..e10ed52 100644 > --- a/common/ssl_verify.c > +++ b/common/ssl_verify.c > @@ -434,6 +434,9 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx) > v->verifyop & SPICE_SSL_VERIFY_OP_PUBKEY) > return 1; > > + if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) > + spice_debug("server certificate not being signed by the provided CA"); > + > return 0; > } else > return 1; > -- > 1.7.11.7 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
pgpjKZU87GMve.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel