point people to the configuration which controls this message
authorAlan T. DeKok <aland@freeradius.org>
Mon, 31 Jul 2023 14:35:18 +0000 (10:35 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 3 Aug 2023 14:42:05 +0000 (10:42 -0400)
src/main/tls.c

index e9c8a0c37488242d214ce1d50415745bc1a2344d..3f3c40b1f77c70aa062e01c25c72d6f7a36ae3bd 100644 (file)
@@ -3372,8 +3372,10 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
                        if (conf->disallow_untrusted || RDEBUG_ENABLED2) {
                                int  i;
 
-                               WARN("Certificate chain - %i cert(s) untrusted",
+                               WARN("Certificate chain - %i intermediate CA cert(s) untrusted",
                                     X509_STORE_CTX_get_num_untrusted(ctx));
+                               WARN("To forbid these certificates see 'reject_unknown_intermediate_ca'");
+
                                for (i = sk_X509_num(untrusted); i > 0 ; i--) {
                                        X509 *this_cert = sk_X509_value(untrusted, i - 1);
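Review bot: The added hint `WARN("To forbid these certificates see 'reject_unknown_intermediate_ca'")` is printed whenever this block runs, which includes the case where `conf->disallow_untrusted` is already true. That field is presumably the one behind `reject_unknown_intermediate_ca` (the mapping is not visible in this hunk); if so, an administrator who has already enabled rejection is still told to go and look for the setting, which makes the log harder to read during a TLS failure. Guarding the hint keeps it to the case where it is actionable: `if (!conf->disallow_untrusted) WARN("To forbid these certificates see 'reject_unknown_intermediate_ca'");`. The `for` loop and the rest of `cbtls_verify` continue outside the hunk, so whether the chain is rejected further down cannot be confirmed from here.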