auth-cfg: Improve log message for identity constraint mismatch error
authorFlorian Bezannier <florian.bezannier@hotmail.fr>
Thu, 1 Feb 2024 15:43:35 +0000 (16:43 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 12 Feb 2024 09:25:23 +0000 (10:25 +0100)
Closes strongswan/strongswan#2088

src/libstrongswan/credentials/auth_cfg.c

index 2bff538d6b5ad03ae57ff4e9fd343701953069ca..675694dcbc792932d92ff0bfd5c8ebd00466572f 100644 (file)
@@ -956,13 +956,34 @@ METHOD(auth_cfg_t, complies, bool,
                                                {
                                                        break;
                                                }
+                                               if (log_error)
+                                               {
+                                                       DBG1(DBG_CFG, "constraint check failed: certificate"
+                                                                " does not confirm identity '%Y' (%N)",
+                                                                id1, id_type_names, id1->get_type(id1));
+                                               }
+                                               success = FALSE;
+                                               break;
                                        }
                                        success = FALSE;
-                                       if (log_error)
+                                       if (!log_error)
+                                       {
+                                               break;
+                                   }
+                                       if (id2)
+                                       {
+                                               DBG1(DBG_CFG, "constraint check failed: %sidentity '%Y'"
+                                                        " (%N) required, not matched by '%Y' (%N)",
+                                                        t1 == AUTH_RULE_IDENTITY ? "" : "EAP ",
+                                                        id1, id_type_names, id1->get_type(id1),
+                                                        id2, id_type_names, id2->get_type(id2));
+                                       }
+                                       else
                                        {
                                                DBG1(DBG_CFG, "constraint check failed: %sidentity '%Y'"
-                                                        " required ", t1 == AUTH_RULE_IDENTITY ? "" :
-                                                        "EAP ", id1);
+                                                        " (%N) required",
+                                                        t1 == AUTH_RULE_IDENTITY ? "" : "EAP ",
+                                                        id1, id_type_names, id1->get_type(id1));
                                        }
                                }
                                break;
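Review bot: The message added in the `if (id2)` branch writes `id2` into the level-1 log, and if `id2` is the identity the peer presented (it looks like the value being compared against the constraint `id1`, but its assignment is outside the hunk), that text is remote-controlled and unauthenticated at the point the check fails. A short comment above that `DBG1` would record the assumption, for example `/* id2 is peer-supplied and unverified here; rely on %Y to render it, never print the raw encoding */`, so a later edit does not replace the hook with a plain `%s` or `%.*s`. Since these lines are what an operator will alert on for failed identity constraints, it would also help to keep the fixed prefix `constraint check failed:` identical across all three messages, as the hunk currently does. Separately, the closing brace of the `if (!log_error)` block is indented less than its opening brace, which suggests spaces were used where the file uses tabs. The enclosing `complies` method starts and ends outside the hunk.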