From: Florian Bezannier <florian.bezannier@hotmail.fr>
Date: Thu, 1 Feb 2024 15:43:35 +0000 (+0100)
Subject: auth-cfg: Improve log message for identity constraint mismatch error
X-Git-Tag: android-2.5.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6176bf19c70326deb4b3d13e3c4e1fe342477d5;p=thirdparty%2Fstrongswan.git

auth-cfg: Improve log message for identity constraint mismatch error

Closes strongswan/strongswan#2088
---

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 2bff538d6b..675694dcbc 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -956,13 +956,34 @@ METHOD(auth_cfg_t, complies, bool,
 						{
 							break;
 						}
+						if (log_error)
+						{
+							DBG1(DBG_CFG, "constraint check failed: certificate"
+								 " does not confirm identity '%Y' (%N)",
+								 id1, id_type_names, id1->get_type(id1));
+						}
+						success = FALSE;
+						break;
 					}
 					success = FALSE;
-					if (log_error)
+					if (!log_error)
+					{
+						break;
+				    }
+					if (id2)
+					{
+						DBG1(DBG_CFG, "constraint check failed: %sidentity '%Y'"
+							 " (%N) required, not matched by '%Y' (%N)",
+							 t1 == AUTH_RULE_IDENTITY ? "" : "EAP ",
+							 id1, id_type_names, id1->get_type(id1),
+							 id2, id_type_names, id2->get_type(id2));
+					}
+					else
 					{
 						DBG1(DBG_CFG, "constraint check failed: %sidentity '%Y'"
-							 " required ", t1 == AUTH_RULE_IDENTITY ? "" :
-							 "EAP ", id1);
+							 " (%N) required",
+							 t1 == AUTH_RULE_IDENTITY ? "" : "EAP ",
+							 id1, id_type_names, id1->get_type(id1));
 					}
 				}
 				break;