gnutls-serv: print when the peer's certificate is not verified

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-04-20 12:45:56 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-04-20 12:46:14 +0200
commit: ca3ea05b9b6b45d151c6e80247387c1767afe633 (patch)
tree: f403e8fc353ca8183352b735d9b249f76e4a1f8e /src/serv.c
parent: 09f63be30d61c557e7596664b1e3f39deca30bb6 (diff)
download: gnutls-ca3ea05b9b6b45d151c6e80247387c1767afe633.tar.gz
1 files changed, 10 insertions, 6 deletions
diff --git a/src/serv.c b/src/serv.c
index a1f9adfa8e..f29b0d8570 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -300,13 +300,17 @@ int ret;
 		if (!require_cert && gnutls_certificate_get_peers(session, &size) == NULL)
 			return 0;
 
-		if ((require_cert || ENABLED_OPT(VERIFY_CLIENT_CERT)) && cert_verify(session, NULL, NULL) == 0) {
-			do {
-				ret = gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_ACCESS_DENIED);
-			} while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
+		if (require_cert || ENABLED_OPT(VERIFY_CLIENT_CERT)) {
+			if (cert_verify(session, NULL, NULL) == 0) {
+				do {
+					ret = gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_ACCESS_DENIED);
+				} while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
 
-			j->http_state = HTTP_STATE_CLOSING;
-			return -1;
+				j->http_state = HTTP_STATE_CLOSING;
+				return -1;
+			}
+		} else {
+			printf("- Peer's certificate was NOT verified.\n");
 		}
 	}
 	return 0;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-04-20 12:45:56 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-04-20 12:46:14 +0200
commit	ca3ea05b9b6b45d151c6e80247387c1767afe633 (patch)
tree	f403e8fc353ca8183352b735d9b249f76e4a1f8e /src/serv.c
parent	09f63be30d61c557e7596664b1e3f39deca30bb6 (diff)
download	gnutls-ca3ea05b9b6b45d151c6e80247387c1767afe633.tar.gz