Changeset 7d2123d in mod_gnutls for src

Timestamp:

Mar 31, 2015, 6:12:22 AM (5 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, upstream

Children:

6e6a4e4

Parents:

dda3acf

git-author:

Thomas Klute <thomas2.klute@…> (03/31/15 06:06:34)

git-committer:

Thomas Klute <thomas2.klute@…> (03/31/15 06:12:22)

Message:

Log errors while loading proxy certificate trust list

The way the return code from gnutls_certificate_set_x509_trust_file was checked
mixed an empty trust list (0) with error codes (negative return value). This made
it difficult to debug problems with the trust list, so check for both
possibilities separately.

File:

• src/gnutls_hooks.c (modified) (1 diff)

src/gnutls_hooks.c

@@ -1791 +1791 @@
                                                      sc->proxy_x509_ca_file,
                                                      GNUTLS_X509_FMT_PEM);
-        if (err <= 0)
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s: proxy CA trust list is empty",
-                         __func__);
-        else
+        if (err > 0)
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                          "%s: proxy CA trust list: %d certificates loaded",
                          __func__, err);
+        else if (err == 0)
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                         "%s: proxy CA trust list is empty (%d)",
+                         __func__, err);
+        else /* err < 0 */
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                         "%s: error loading proxy CA trust list: %s (%d)",
+                         __func__, gnutls_strerror(err), err);
     }
     else