diff options
| author | Rob Austein <sra@hactrn.net> | 2008-05-12 06:18:01 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2008-05-12 06:18:01 +0000 |
| commit | d05014cd8927c590896703f90ac824c20b6d726e (patch) | |
| tree | f43530c3000411c01d82429c0d0a595a89696155 /rpkid/rpki/https.py | |
| parent | edf3271521e10c35c9d31708414651b874acf528 (diff) | |
Add X509Store.verifyDetailed()
svn path=/pow/POW-0.7/POW.c; revision=1767
Diffstat (limited to 'rpkid/rpki/https.py')
| -rw-r--r-- | rpkid/rpki/https.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index 40894f74..1affee85 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py @@ -85,7 +85,9 @@ class Checker(tlslite.api.Checker): for i in range(len(chain)): rpki.log.debug("Received %s TLS cert[%d] issuer %s [%s] subject %s [%s]" % (peer, i, chain[i].getIssuer(), chain[i].hAKI(), chain[i].getSubject(), chain[i].hSKI())) - if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]): + result = self.x509store_thunk().verifyDetailed(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]) + rpki.log.debug("TLS certificate validation result %s" % repr(result)) + if not result[0]: if disable_tls_certificate_validation_exceptions: rpki.log.warn("DANGER WILL ROBINSON! IGNORING TLS VALIDATION FAILURE!") else: |