summaryrefslogtreecommitdiff
path: root/app/openvpn/src/openvpn/ssl_verify_polarssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'app/openvpn/src/openvpn/ssl_verify_polarssl.c')
-rw-r--r--app/openvpn/src/openvpn/ssl_verify_polarssl.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/app/openvpn/src/openvpn/ssl_verify_polarssl.c b/app/openvpn/src/openvpn/ssl_verify_polarssl.c
index 71d38a9d..2b7c214f 100644
--- a/app/openvpn/src/openvpn/ssl_verify_polarssl.c
+++ b/app/openvpn/src/openvpn/ssl_verify_polarssl.c
@@ -337,7 +337,7 @@ x509_verify_cert_eku (x509_crt *cert, const char * const expected_oid)
}
}
- if (0 == x509_oid_get_numeric_string( oid_num_str,
+ if (0 < x509_oid_get_numeric_string( oid_num_str,
sizeof (oid_num_str), oid))
{
msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
@@ -371,9 +371,12 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
result_t retval = FAILURE;
x509_crl crl = {0};
- if (x509_crl_parse_file(&crl, crl_file) != 0)
+ int polar_retval = x509_crl_parse_file(&crl, crl_file);
+ if (polar_retval != 0)
{
- msg (M_ERR, "CRL: cannot read CRL from file %s", crl_file);
+ char errstr[128];
+ polarssl_strerror(polar_retval, errstr, sizeof(errstr));
+ msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);
goto end;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 12:13:49 +0000