From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 2 Jun 2022 09:25:19 +0000 (+0200)
Subject: credential-manager: Log subject of trusted cert before building trust chain
X-Git-Tag: 5.9.7dr2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=735515b3a7dfe60430f056a428a39c69d50358f6;p=thirdparty%2Fstrongswan.git

credential-manager: Log subject of trusted cert before building trust chain

This should make it clearer to what the log messages generated by
verify_trust_chain() are related (in particular if building the chain
fails or the cert has expired).
---

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 3be0190a1f..5a6f57a248 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -867,6 +867,8 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 		this->pretrusted = get_pretrusted_cert(this->this, this->type, this->id);
 		if (this->pretrusted)
 		{
+			DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
+				 this->pretrusted->get_subject(this->pretrusted));
 			/* if we find a trusted self signed certificate, we just accept it.
 			 * However, in order to fulfill authorization rules, we try to build
 			 * the trust chain if it is not self signed */
@@ -874,8 +876,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 				verify_trust_chain(this->this, this->pretrusted, this->auth,
 								   TRUE, this->online))
 			{
-				DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
-					 this->pretrusted->get_subject(this->pretrusted));
 				*cert = this->pretrusted;
 				if (!this->auth->get(this->auth, AUTH_RULE_SUBJECT_CERT))
 				{	/* add cert to auth info, if not returned by trustchain */