OpenSSL: Report peer certificate before stopping due to validation issue
authorJouni Malinen <jouni@codeaurora.org>
Tue, 11 Jun 2019 22:23:23 +0000 (01:23 +0300)
committerJouni Malinen <jouni@codeaurora.org>
Fri, 14 Jun 2019 20:10:50 +0000 (23:10 +0300)
This is needed to allow upper layer software to learn the hash of the
server certificate for allowing user to override trust root
configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/crypto/tls_openssl.c

index 9980f032daa0b05f212f1b355b718afc18784b65..3c142d34dd0167d7a037eab8c53fb9a8cf79ed34 100644 (file)
@@ -2375,6 +2375,8 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
        }
 #endif /* CONFIG_SHA256 */
 
+       openssl_tls_cert_event(conn, err_cert, depth, buf);
+
        if (!preverify_ok) {
                wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
                           " error %d (%s) depth %d for '%s'", err, err_str,
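Review bot: The added `openssl_tls_cert_event(conn, err_cert, depth, buf);` now fires for every certificate at every depth before the verification outcome is acted on, so a consumer of the peer-certificate event can no longer infer from its presence that the chain verified; it is also emitted for the very certificate the `if (!preverify_ok)` branch just below is about to log as failed, and (per the second hunk) before the domain-mismatch failure event. That is the intent stated in the commit message, but it is a contract change for upper-layer code that keys on the cert event to pin or display a fingerprint, and nothing at the call site says so. I would add above the call: `/* Deliberately reported before the verification result is handled, so the upper layer can learn the cert hash even when trust-root validation fails (user override); a TLS failure event may still follow for the same cert. */`. The body of tls_verify_cb starts before and continues after this hunk, so whether the failure path returns early is not visible here.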
@@ -2431,8 +2433,7 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
                openssl_tls_fail_event(conn, err_cert, err, depth, buf,
                                       "Domain mismatch",
                                       TLS_FAIL_DOMAIN_MISMATCH);
-       } else
-               openssl_tls_cert_event(conn, err_cert, depth, buf);
+       }
 
        if (conn->cert_probe && preverify_ok && depth == 0) {
                wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "