aboutsummaryrefslogtreecommitdiff
path: root/rpkid/rpki/https.py
diff options
context:
space:
mode:
Diffstat (limited to 'rpkid/rpki/https.py')
-rw-r--r--rpkid/rpki/https.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index 40894f74..1affee85 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -85,7 +85,9 @@ class Checker(tlslite.api.Checker):
for i in range(len(chain)):
rpki.log.debug("Received %s TLS cert[%d] issuer %s [%s] subject %s [%s]" % (peer, i, chain[i].getIssuer(), chain[i].hAKI(), chain[i].getSubject(), chain[i].hSKI()))
- if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]):
+ result = self.x509store_thunk().verifyDetailed(chain[0].get_POW(), [x.get_POW() for x in chain[1:]])
+ rpki.log.debug("TLS certificate validation result %s" % repr(result))
+ if not result[0]:
if disable_tls_certificate_validation_exceptions:
rpki.log.warn("DANGER WILL ROBINSON! IGNORING TLS VALIDATION FAILURE!")
else:
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-16 08:08:41 +0000