Improve error message if client cert verification fails

PR: 50093 Submitted by: Lassi Tuura <lat cern ch> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1026703 13f79535-47bb-0310-9956-ffa450edef68
2026-01-06 09:01:14 +03:00 · 2010-10-23 22:17:44 +00:00
parent 87c10fe5f1
commit a8a2cd0164
2 changed files with 5 additions and 3 deletions
--- a/5
+++ b/5
@@ -24,8 +24,9 @@ Changes with Apache 2.3.9
     interfering with authentication/authorization. [Paul Querna,
     Igor Galić, Stefan Fritsch]

-  *) mod_ssl: Log certificate information if client cert verification
-     fails. PR 50094. [Lassi Tuura <lat cern ch>, Stefan Fritsch]
+  *) mod_ssl: Log certificate information and improve error message if client
+     cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
+     Stefan Fritsch]

  *) htcacheclean: Teach htcacheclean to limit cache size by number of
     inodes in addition to size of files. Prevents a cache disk from
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -623,7 +623,8 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
        result = "GENEROUS";
    else
        /* client verification failed */
-        result = apr_psprintf(p, "FAILED:%s", verr);
+        result = apr_psprintf(p, "FAILED:%s",
+                              verr ? verr : X509_verify_cert_error_string(vrc));

    if (xs)
        X509_free(xs);