From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 13 Sep 2021 21:13:24 +0000 (-0400)
Subject: copy certs even on failure, so that they can be logged.
X-Git-Tag: release_3_0_24~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be01e4ad9f96c0e1b688ceca66c5209be21b8078;p=thirdparty%2Ffreeradius-server.git

copy certs even on failure, so that they can be logged.

finalizing commit c157da82eb
---

diff --git a/src/main/tls.c b/src/main/tls.c
index 07f2c5b840f..09a2784209b 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -3048,6 +3048,12 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 		char const *p = X509_verify_cert_error_string(err);
 		RERROR("(TLS) OpenSSL says error %d : %s", err, p);
 		REXDENT();
+
+		/*
+		 *	Copy certs even on failure so that they can be logged.
+		 */
+		if (certs && request) fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
+
 		return my_ok;
 	}
 
@@ -3365,6 +3371,10 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 		ssn->client_cert_ok = (my_ok == 1);
 	} /* depth == 0 */
 
+	/*
+	 *	Copy certs to request even on failure, so that the
+	 *	user can log them.
+	 */
 	if (certs && request && !my_ok) {
 		fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
 	}