summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_verify_mbedtls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/ssl_verify_mbedtls.c')
-rw-r--r--src/openvpn/ssl_verify_mbedtls.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index 2d019ab..9389103 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -34,7 +34,7 @@
#include "syshead.h"
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS)
+#if defined(ENABLE_CRYPTO_MBEDTLS)
#include "crypto_mbedtls.h"
#include "ssl_verify.h"
@@ -68,6 +68,7 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth,
int ret = 0;
char errstr[512] = { 0 };
char *subject = x509_get_subject(cert, &gc);
+ char *serial = backend_x509_get_serial(cert, &gc);
ret = mbedtls_x509_crt_verify_info(errstr, sizeof(errstr)-1, "", *flags);
if (ret <= 0 && !openvpn_snprintf(errstr, sizeof(errstr),
@@ -82,8 +83,8 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth,
if (subject)
{
- msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, subject=%s: %s",
- cert_depth, subject, errstr);
+ msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, subject=%s, serial=%s: %s",
+ cert_depth, subject, serial ? serial : "<not available>", errstr);
}
else
{
@@ -550,4 +551,4 @@ tls_verify_crl_missing(const struct tls_options *opt)
return false;
}
-#endif /* #if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) */
+#endif /* #if defined(ENABLE_CRYPTO_MBEDTLS) */