From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 24 Sep 2013 13:36:06 +0000 (+0300)
Subject: OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts
X-Git-Tag: hostap_2_1~928
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=762c92a4446e7de8018e617952060616a6ee154a;p=thirdparty%2Fhostap.git

OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts

This makes it clearer which certificate was missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 28b1313f8..c0822407f 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2862,8 +2862,15 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 
 	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
 
-	if (!conn->peer_cert || !conn->peer_issuer) {
-		wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate or issue certificate not available for OCSP status check");
+	if (!conn->peer_cert) {
+		wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
+		OCSP_BASICRESP_free(basic);
+		OCSP_RESPONSE_free(rsp);
+		return 0;
+	}
+
+	if (!conn->peer_issuer) {
+		wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
 		OCSP_BASICRESP_free(basic);
 		OCSP_RESPONSE_free(rsp);
 		return 0;