Re: [Openvpn-devel] [PATCH] Log OpenSSL errors on failure to set certificate

Arne Schwabe Mon, 02 Oct 2023 01:07:18 -0700

Am 01.10.23 um 19:49 schrieb selva.n...@gmail.com:

From: Selva Nair <selva.n...@gmail.com>


Currently we log a bogus error message saying private key password verification
failed when SSL_CTX_use_cert_and_key() fails in pkcs11_openssl.c. Instead print
OpenSSL error queue and exit promptly.

Also log OpenSSL errors when SSL_CTX_use_certiifcate() fails in cryptoapi.c
and elsewhere. Such logging could be useful especially when the ceritficate is
rejected by OpenSSL due to stricter security restrictions in recent versions
of the library.


Yeah, looks good.

Acked-By: Arne Schwabe <a...@rfc2549.org>



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Log OpenSSL errors on failure to set certificate

Reply via email to