credential-manager: Log subject of trusted cert before building trust chain
authorTobias Brunner <tobias@strongswan.org>
Thu, 2 Jun 2022 09:25:19 +0000 (11:25 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 2 Jun 2022 09:25:19 +0000 (11:25 +0200)
This should make it clearer to what the log messages generated by
verify_trust_chain() are related (in particular if building the chain
fails or the cert has expired).

src/libstrongswan/credentials/credential_manager.c

index 3be0190a1f1a5f5f551101804a31c51212711c0c..5a6f57a2485044b02e64eab333fb59f89ff94281 100644 (file)
@@ -867,6 +867,8 @@ METHOD(enumerator_t, trusted_enumerate, bool,
                this->pretrusted = get_pretrusted_cert(this->this, this->type, this->id);
                if (this->pretrusted)
                {
+                       DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
+                                this->pretrusted->get_subject(this->pretrusted));
                        /* if we find a trusted self signed certificate, we just accept it.
                         * However, in order to fulfill authorization rules, we try to build
                         * the trust chain if it is not self signed */
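Review bot: The DBG1 line added at the top of the `if (this->pretrusted)` block still reads "using trusted certificate", but it is now emitted before verify_trust_chain() is called, so it is also logged for a certificate that is then rejected (the commit message itself names a failed chain build and an expired cert). Anyone reading or alerting on these logs can no longer treat this line as evidence that the certificate was accepted. Either reword it to match its new position, for example `DBG1(DBG_CFG, "  checking trusted certificate \"%Y\"",`, or keep the text and add a comment above it such as `/* logged before verification to give the chain messages context; does not imply the cert is accepted */`. The hunk does not show whether an explicit rejection message follows on the failure path, so that is worth confirming. The body of trusted_enumerate starts and ends outside this hunk.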
@@ -874,8 +876,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
                                verify_trust_chain(this->this, this->pretrusted, this->auth,
                                                                   TRUE, this->online))
                        {
-                               DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
-                                        this->pretrusted->get_subject(this->pretrusted));
                                *cert = this->pretrusted;
                                if (!this->auth->get(this->auth, AUTH_RULE_SUBJECT_CERT))
                                {       /* add cert to auth info, if not returned by trustchain */