From d05014cd8927c590896703f90ac824c20b6d726e Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 12 May 2008 06:18:01 +0000
Subject: Add X509Store.verifyDetailed()

svn path=/pow/POW-0.7/POW.c; revision=1767
---
 rpkid/rpki/https.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'rpkid/rpki/https.py')

diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index 40894f74..1affee85 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -85,7 +85,9 @@ class Checker(tlslite.api.Checker):
       for i in range(len(chain)):
         rpki.log.debug("Received %s TLS cert[%d] issuer %s [%s] subject %s [%s]" % (peer, i, chain[i].getIssuer(), chain[i].hAKI(), chain[i].getSubject(), chain[i].hSKI()))
 
-    if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]):
+    result = self.x509store_thunk().verifyDetailed(chain[0].get_POW(), [x.get_POW() for x in chain[1:]])
+    rpki.log.debug("TLS certificate validation result %s" % repr(result))
+    if not result[0]:
       if disable_tls_certificate_validation_exceptions:
         rpki.log.warn("DANGER WILL ROBINSON!  IGNORING TLS VALIDATION FAILURE!")
       else:
-- 
cgit v1.2.3