TLSClient: Added more diagnostics in debug mode

2015-11-08 17:03:35 -05:00
parent 9415f62482
commit 1407e0410e
1 changed files with 14 additions and 0 deletions
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -295,6 +295,9 @@ int TLSClient::verify_certificate () const
  if (_trust == TLSClient::allow_all)
    return 0;

+  if (_debug)
+    std::cout << "c: INFO Verifying certificate.\n";
+
  // This verification function uses the trusted CAs in the credentials
  // structure. So you must have installed one or more CA certificates.
  unsigned int status = 0;
@@ -310,6 +313,14 @@ int TLSClient::verify_certificate () const
      std::cout << "c: ERROR Certificate verification peers3 failed. " << gnutls_strerror (ret) << "\n";
    return GNUTLS_E_CERTIFICATE_ERROR;
  }
+
+  // status 16450 == 0100000001000010
+  //   GNUTLS_CERT_INVALID             1<<1
+  //   GNUTLS_CERT_SIGNER_NOT_FOUND    1<<6
+  //   GNUTLS_CERT_UNEXPECTED_OWNER    1<<14  Hostname does not match
+
+  if (_debug && status)
+    std::cout << "c: ERROR Certificate status=" << status << "\n";
 #else
  int ret = gnutls_certificate_verify_peers2 (_session, &status);
  if (ret < 0)
@@ -319,6 +330,9 @@ int TLSClient::verify_certificate () const
    return GNUTLS_E_CERTIFICATE_ERROR;
  }

+  if (_debug && status)
+    std::cout << "c: ERROR Certificate status=" << status << "\n";
+
  if ((status == 0) && (_trust != TLSClient::ignore_hostname))
  {
    if (gnutls_certificate_type_get (_session) == GNUTLS_CRT_X509)