network-openssl: Show why a certificate failed validation.

git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5116 dbcabf3a-b0e7-0310-adc4-f8d773084564
author: Jilles Tjoelker <jilles@irssi.org> 2010-02-19 17:29:10 +0000
committer: jilles <jilles@dbcabf3a-b0e7-0310-adc4-f8d773084564> 2010-02-19 17:29:10 +0000
commit: f32b3938b0b01b667cb206e8eef28790c5f3134b (patch)
tree: d40bd15eb6bb692b30b8b49982ea6e6818448cdd /src/core/network-openssl.c
parent: f3646abffb05b1f0d7d448882b8439d137c6542a (diff)
download: irssi-f32b3938b0b01b667cb206e8eef28790c5f3134b.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 55f5667a..a800676f 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -198,12 +198,16 @@ static gboolean irssi_ssl_verify_hostname(X509 *cert, const char *hostname)
 
 static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert)
 {
-	if (SSL_get_verify_result(ssl) != X509_V_OK) {
+	long result;
+
+	result = SSL_get_verify_result(ssl);
+	if (result != X509_V_OK) {
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int n;
 		char *str;
 
-		g_warning("Could not verify SSL servers certificate:");
+		g_warning("Could not verify SSL servers certificate: %s",
+				X509_verify_cert_error_string(result));
 		if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL)
 			g_warning("  Could not get subject-name from peer certificate");
 		else {
author	Jilles Tjoelker <jilles@irssi.org>	2010-02-19 17:29:10 +0000
committer	jilles <jilles@dbcabf3a-b0e7-0310-adc4-f8d773084564>	2010-02-19 17:29:10 +0000
commit	f32b3938b0b01b667cb206e8eef28790c5f3134b (patch)
tree	d40bd15eb6bb692b30b8b49982ea6e6818448cdd /src/core/network-openssl.c
parent	f3646abffb05b1f0d7d448882b8439d137c6542a (diff)
download	irssi-f32b3938b0b01b667cb206e8eef28790c5f3134b.zip