author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:42:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:42:27 +0000 |
commit | 95f5f6d1c3aec1cb62525f5162e71a4157aca717 (patch) | |
tree | 8633546094df32b27d719c7578537e6062aa52e3 /src/tls/tls_verify.c | |
parent | Releasing progress-linux version 3.8.6-1~progress7.99u1. (diff) | |
Merging upstream version 3.9.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/tls/tls_verify.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/tls/tls_verify.c b/src/tls/tls_verify.c index f32f32b..c643f18 100644 --- a/src/tls/tls_verify.c +++ b/src/tls/tls_verify.c @@ -144,6 +144,7 @@ int tls_verify_certificate_callback(int ok, X509_STORE_CTX *ctx) int depth; SSL *con; TLS_SESS_STATE *TLScontext; + EVP_PKEY *rpk = 0; /* May be NULL as of OpenSSL 1.0, thanks for the API change! */ cert = X509_STORE_CTX_get_current_cert(ctx); @@ -151,6 +152,10 @@ int tls_verify_certificate_callback(int ok, X509_STORE_CTX *ctx) con = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); TLScontext = SSL_get_ex_data(con, TLScontext_index); depth = X509_STORE_CTX_get_error_depth(ctx); +#if OPENSSL_VERSION_PREREQ(3,2) + if (cert == 0) + rpk = X509_STORE_CTX_get0_rpk(ctx); +#endif /* * Transient failures to load the (DNS or synthetic TLSA) trust settings @@ -174,12 +179,15 @@ int tls_verify_certificate_callback(int ok, X509_STORE_CTX *ctx) update_error_state(TLScontext, depth, cert, err); if (TLScontext->log_mask & TLS_LOG_VERBOSE) { - if (cert) + if (cert) { X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); - else - strcpy(buf, "<unknown>"); - msg_info("%s: depth=%d verify=%d subject=%s", - TLScontext->namaddr, depth, ok, printable(buf, '?')); + msg_info("%s: depth=%d verify=%d subject=%s", + TLScontext->namaddr, depth, ok, printable(buf, '?')); + } else if (rpk) { + msg_info("%s: verify=%d raw public key", TLScontext->namaddr, ok); + } else { + msg_info("%s: depth=%d verify=%d", TLScontext->namaddr, depth, ok); + } } return (1); } |
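Review bot: The `rpk` lookup added under `#if OPENSSL_VERSION_PREREQ(3,2)` in the second hunk has no comment explaining why a null `cert` is an expected state rather than an error. A short comment above the `if (cert == 0)` would help, for example `/* No certificate: the peer may have presented a raw public key (RFC 7250). rpk is borrowed from ctx, do not free. */`. The pointer is only tested for non-null in the visible code, so the ownership remark guards against a later `EVP_PKEY_free(rpk)` being added by mistake. The callback's body starts outside this hunk.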
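Review bot: In the third hunk, `update_error_state(TLScontext, depth, cert, err)` is now reached with `cert == 0` as the normal case for a raw-public-key peer, and the callback still ends in `return (1)`, so the final verdict rests entirely on what that helper records. The helper is outside the hunk, so whether it copes with a null certificate cannot be confirmed from here. It is worth checking and then stating in a comment above the call, such as `/* cert is NULL for raw public keys; the error state is still recorded */`. Separately, the `else if (rpk)` message logs only `verify=%d`, so a failed raw-key verification leaves no reason in the verbose log. If `err` holds the X509 verify error, as the call above suggests, appending `X509_verify_cert_error_string(err)` to that `msg_info` would make the line usable for triage.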