Copy TLS cert VPs to request, even on fail.

This lets you log *why* it failed, and for who

diff --git a/src/main/tls.c b/src/main/tls.c
index 5d2af7edc7db3e2bf8202e502c6bf6723ce4f0ca..254e4d51217622903f5f6fe90a57cedd419a8c87 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -2150,10 +2150,12 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
                        unlink(filename);
                        break;
                }
-
-
        } /* depth == 0 */
 
+       if (certs && request && !my_ok) {
+               fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
+       }
+
        if (RDEBUG_ENABLED3) {
                RDEBUG3("chain-depth   : %d", depth);
                RDEBUG3("error         : %d", err);