Merge tag 'upstream/2.3.5'

Upstream version 2.3.5
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-10-29 17:43:51 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-10-29 17:43:51 +0100
commit: 4d0c77888c6b17b11390eaefe41e14229365c463 (patch)
tree: 76db22e48b28d96f16a7ce0111109b00b6f519c3 /src/openvpn/ssl_verify_polarssl.c
parent: 52a3e3b0ad96506d705d1759f5a41b40563167ec (diff)
parent: 63862ed15e1abb4b29c5a43b469321c928613c62 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 3fd861c..f8f9ab5 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -380,7 +380,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)
 		}
 	    }
 
-	  if (0 == x509_oid_get_numeric_string( oid_num_str,
+	  if (0 < x509_oid_get_numeric_string( oid_num_str,
 	      sizeof (oid_num_str), oid))
 	    {
 	      msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
@@ -414,9 +414,12 @@ x509_verify_crl(const char *crl_file, x509_cert *cert, const char *subject)
   result_t retval = FAILURE;
   x509_crl crl = {0};
 
-  if (x509parse_crlfile(&crl, crl_file) != 0)
+  int polar_retval = x509parse_crlfile(&crl, crl_file);
+  if (polar_retval != 0)
     {
-      msg (M_ERR, "CRL: cannot read CRL from file %s", crl_file);
+      char errstr[128];
+      error_strerror(polar_retval, errstr, sizeof(errstr));
+      msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);
       goto end;
     }
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-10-29 17:43:51 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-10-29 17:43:51 +0100
commit	4d0c77888c6b17b11390eaefe41e14229365c463 (patch)
tree	76db22e48b28d96f16a7ce0111109b00b6f519c3 /src/openvpn/ssl_verify_polarssl.c
parent	52a3e3b0ad96506d705d1759f5a41b40563167ec (diff)
parent	63862ed15e1abb4b29c5a43b469321c928613c62 (diff)