There may be multiple intermediate certs

author Alexander Chernikov <me@mpls.ie>

Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)
author Alexander Chernikov <me@mpls.ie>
Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)
diff --git a/src/main/tls.c b/src/main/tls.c

index 401b9c5d7fa9c0cb42a110793dfebdb9a6bb2eca..736ee4182e786621d03c4ba46400529e45cdc279 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -2950,10 +2950,6 @@ static char const *cert_attr_names[9][2] = {
  #define FR_TLS_SAN_UPN          (7)
  #define FR_TLS_VALID_SINCE     (8)
  
-static const char *cert_names[2] = {
-       "client", "server",
-};
-
  /*
   *     Before trusting a certificate, you must make sure that the
   *     certificate is 'valid'. There are several steps that your
@@ -3067,7 +3063,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
         buf[0] = '\0';
         sn = X509_get_serialNumber(client_cert);
  
-       RDEBUG2("(TLS) %s - Creating attributes from %s certificate", conf->name, cert_names[lookup ]);
+       RDEBUG2("(TLS) %s - Creating attributes from %d certificate in chain", conf->name, lookup + 1);
         RINDENT();
  
         /*
author	Alexander Chernikov <me@mpls.ie>
	Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Sat, 6 Jul 2024 21:15:29 +0000 (17:15 -0400)