
Expose the domain in certificate validation errors

We ran into an issue recently with certificate validation, and this modification to the source code helped us quickly identify the root cause. Previously we had no way of seeing which domain was invalid. I didn't like using malloc here, but hopefully freeing it in the same context ensures there is no memory leak and also avoids any memory corruption, together with the memcpy and the '\0' terminator. Hope this helps.

Todd authored on 06/10/2021 12:35:07 • GitHub committed on 06/10/2021 12:35:07
Showing 1 changed files
... ...
@@ -39,7 +39,11 @@ static inline int tls_err_ret(char *s, tls_domains_cfg_t **tls_domains_cfg) {
39 39
 	{
40 40
 		while((err = ERR_get_error())) {
41 41
 			ret = 1;
42
-			ERR("%s%s\n", s ? s : "", ERR_error_string(err, 0));
42
+			char *errbuf = (char*)malloc(sizeof(char)*((*tls_domains_cfg)->srv_default->server_name.len+1));
43
+			memcpy(errbuf, (*tls_domains_cfg)->srv_default->server_name.s, (*tls_domains_cfg)->srv_default->server_name.len);
44
+			errbuf[(*tls_domains_cfg)->srv_default->server_name.len] = '\0';
45
+			ERR("%s%s -> %s -> verify_client is:%d\n", s ? s : "", ERR_error_string(err, 0), errbuf, (*tls_domains_cfg)->srv_default->verify_client);
46
+			free(errbuf);
43 47
 		}
44 48
 	}
45 49
 	return ret;
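Review bot: The `malloc` result on the first added line is passed straight to `memcpy` with no NULL check, so an allocation failure while reporting a TLS error would crash the process in its own error path. The temporary copy is not needed: print the length-delimited name directly with `ERR("%s%s -> %.*s -> verify_client is:%d\n", s ? s : "", ERR_error_string(err, 0), (int)d->server_name.len, d->server_name.s, d->verify_client);`, with `d` a local alias for `(*tls_domains_cfg)->srv_default`, which also removes the per-error allocation inside the `while` loop. The added lines dereference `tls_domains_cfg`, `*tls_domains_cfg` and `srv_default` unconditionally; whether every caller guarantees all three are non-NULL is not visible here, so a guard that falls back to the old message would be safer. The value logged is the default server's name, which, judging by the field name, may not be the domain the failing connection actually matched, so the message could point an operator at the wrong profile. The body of `tls_err_ret` starts and ends outside the hunk.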