OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts

This makes it clearer which certificate was missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 28b1313f8b68cfbd8217da968f10780513c22bc4..c0822407f68f329c1ea47c4e03e0c8f204fca662 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2862,8 +2862,15 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 
        wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
 
-       if (!conn->peer_cert || !conn->peer_issuer) {
-               wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate or issue certificate not available for OCSP status check");
+       if (!conn->peer_cert) {
+               wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
+               OCSP_BASICRESP_free(basic);
+               OCSP_RESPONSE_free(rsp);
+               return 0;
+       }
+
+       if (!conn->peer_issuer) {
+               wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
                OCSP_BASICRESP_free(basic);
                OCSP_RESPONSE_free(rsp);
                return 0;