From: Stefan Fritsch Date: Sat, 23 Oct 2010 22:17:44 +0000 (+0000) Subject: Improve error message if client cert verification fails X-Git-Tag: 2.3.9~230 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a8a2cd01647cc05d31d02e0cd816ce239caa0680;p=apache Improve error message if client cert verification fails PR: 50093 Submitted by: Lassi Tuura git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1026703 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 9e925d38ed..4c6bb5455b 100644 --- a/CHANGES +++ b/CHANGES @@ -24,8 +24,9 @@ Changes with Apache 2.3.9 interfering with authentication/authorization. [Paul Querna, Igor Galić, Stefan Fritsch] - *) mod_ssl: Log certificate information if client cert verification - fails. PR 50094. [Lassi Tuura , Stefan Fritsch] + *) mod_ssl: Log certificate information and improve error message if client + cert verification fails. PR 50093, PR 50094. [Lassi Tuura , + Stefan Fritsch] *) htcacheclean: Teach htcacheclean to limit cache size by number of inodes in addition to size of files. Prevents a cache disk from diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 5e14ff5da0..62127fff2d 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -623,7 +623,8 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) result = "GENEROUS"; else /* client verification failed */ - result = apr_psprintf(p, "FAILED:%s", verr); + result = apr_psprintf(p, "FAILED:%s", + verr ? verr : X509_verify_cert_error_string(vrc)); if (xs) X509_free(xs);