Changeset 7d2123d in mod_gnutls for src


Ignore:
Timestamp:
Mar 31, 2015, 6:12:22 AM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
6e6a4e4
Parents:
dda3acf
git-author:
Thomas Klute <thomas2.klute@…> (03/31/15 06:06:34)
git-committer:
Thomas Klute <thomas2.klute@…> (03/31/15 06:12:22)
Message:

Log errors while loading proxy certificate trust list

The way the return code from gnutls_certificate_set_x509_trust_file was checked
mixed an empty trust list (0) with error codes (negative return value). This made
it difficult to debug problems with the trust list, so check for both
possibilities separately.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    rdda3acf r7d2123d  
    17911791                                                     sc->proxy_x509_ca_file,
    17921792                                                     GNUTLS_X509_FMT_PEM);
    1793         if (err <= 0)
    1794             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
    1795                          "%s: proxy CA trust list is empty",
    1796                          __func__);
    1797         else
     1793        if (err > 0)
    17981794            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
    17991795                         "%s: proxy CA trust list: %d certificates loaded",
    18001796                         __func__, err);
     1797        else if (err == 0)
     1798            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
     1799                         "%s: proxy CA trust list is empty (%d)",
     1800                         __func__, err);
     1801        else /* err < 0 */
     1802            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
     1803                         "%s: error loading proxy CA trust list: %s (%d)",
     1804                         __func__, gnutls_strerror(err), err);
    18011805    }
    18021806    else
Note: See TracChangeset for help on using the changeset viewer.