- Fix for #997: Print details for SSL certificate failure.

diff --git a/doc/Changelog b/doc/Changelog
index e57943241e91df9b7d88a110cd440b7159c0b6eb..b87d32b9d426f82fe5aae2ef01090ceb3a8586d0 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+22 January 2024: Wouter
+       - Fix for #997: Print details for SSL certificate failure.
+
 17 January 2024: Wouter
        - Update workflow for ports to use newer openssl on windows compile.
        - Fix warning for windres on resource files due to redefinition.

diff --git a/util/netevent.c b/util/netevent.c
index 1750a3192b1b612d39ef50d7d82ea97512df99ad..1fc8c6b8658eabced2ed27283b13779ce2525a7d 100644 (file)
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1672,8 +1672,13 @@ ssl_handshake(struct comm_point* c)
                } else {
                        unsigned long err = ERR_get_error();
                        if(!squelch_err_ssl_handshake(err)) {
+                               long vr;
                                log_crypto_err_io_code("ssl handshake failed",
                                        want, err);
+                               if((vr=SSL_get_verify_result(c->ssl)) != 0)
+                                       log_err("ssl handshake cert error: %s",
+                                               X509_verify_cert_error_string(
+                                               vr));
                                log_addr(VERB_OPS, "ssl handshake failed",
                                        &c->repinfo.remote_addr,
                                        c->repinfo.remote_addrlen);