Imported Upstream version 2.3.5upstream/2.3.5

author: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-10-29 17:43:51 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-10-29 17:43:51 +0100
commit: 63862ed15e1abb4b29c5a43b469321c928613c62 (patch)
tree: 9c21e69bf5a514459227f5e32f75b8e12916c03f /src/openvpn/ssl_verify_polarssl.c
parent: 809daf3b371e0c2457b5d4bd414382eb67bf8348 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 3fd861c..f8f9ab5 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -380,7 +380,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)
 		}
 	    }
 
-	  if (0 == x509_oid_get_numeric_string( oid_num_str,
+	  if (0 < x509_oid_get_numeric_string( oid_num_str,
 	      sizeof (oid_num_str), oid))
 	    {
 	      msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
@@ -414,9 +414,12 @@ x509_verify_crl(const char *crl_file, x509_cert *cert, const char *subject)
   result_t retval = FAILURE;
   x509_crl crl = {0};
 
-  if (x509parse_crlfile(&crl, crl_file) != 0)
+  int polar_retval = x509parse_crlfile(&crl, crl_file);
+  if (polar_retval != 0)
     {
-      msg (M_ERR, "CRL: cannot read CRL from file %s", crl_file);
+      char errstr[128];
+      error_strerror(polar_retval, errstr, sizeof(errstr));
+      msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);
       goto end;
     }
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-10-29 17:43:51 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-10-29 17:43:51 +0100
commit	63862ed15e1abb4b29c5a43b469321c928613c62 (patch)
tree	9c21e69bf5a514459227f5e32f75b8e12916c03f /src/openvpn/ssl_verify_polarssl.c
parent	809daf3b371e0c2457b5d4bd414382eb67bf8348 (diff)