From f32b3938b0b01b667cb206e8eef28790c5f3134b Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker <jilles@irssi.org>
Date: Fri, 19 Feb 2010 17:29:10 +0000
Subject: network-openssl: Show why a certificate failed validation.

git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5116 dbcabf3a-b0e7-0310-adc4-f8d773084564
---
 src/core/network-openssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 55f5667a..a800676f 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -198,12 +198,16 @@ static gboolean irssi_ssl_verify_hostname(X509 *cert, const char *hostname)
 
 static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert)
 {
-	if (SSL_get_verify_result(ssl) != X509_V_OK) {
+	long result;
+
+	result = SSL_get_verify_result(ssl);
+	if (result != X509_V_OK) {
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int n;
 		char *str;
 
-		g_warning("Could not verify SSL servers certificate:");
+		g_warning("Could not verify SSL servers certificate: %s",
+				X509_verify_cert_error_string(result));
 		if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL)
 			g_warning("  Could not get subject-name from peer certificate");
 		else {
-- 
cgit v1.2.3