diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-02 14:28:17 +0000 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-04-02 14:28:17 +0000 |
| commit | 1ee637d8b162cdcabc42a57968d3332a726b56b1 (patch) | |
| tree | a9ceb7d14ea060e045812ac7249b000ec777ef57 | |
| parent | 473eff33aa140b00b4a2542763b91c04a4a22b92 (diff) | |
| download | strongswan-1ee637d8b162cdcabc42a57968d3332a726b56b1.tar.bz2 strongswan-1ee637d8b162cdcabc42a57968d3332a726b56b1.tar.xz | |
generate debug output if ocsp response does not contain status information for a given certificate
| -rw-r--r-- | src/charon/credentials/credential_manager.c | 5 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_cert_pre.c | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c index 948cb3af9..1e012495b 100644 --- a/src/charon/credentials/credential_manager.c +++ b/src/charon/credentials/credential_manager.c @@ -426,6 +426,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, default: case VALIDATION_FAILED: /* candidate unusable, does not contain our cert */ + DBG1(DBG_CFG, " ocsp response contains no status on our certificate"); cand->destroy(cand); return best; } @@ -479,12 +480,12 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this, best = get_better_ocsp(this, current, best, subject, issuer, &valid); if (best && valid != VALIDATION_STALE) { - DBG1(DBG_CFG, "found cached ocsp response"); + DBG1(DBG_CFG, " using cached ocsp response"); break; } } enumerator->destroy(enumerator); - + /* derive the authorityKeyIdentifier from the issuer's public key */ current = &issuer->interface; public = current->get_public_key(current); diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c index 27d4870db..643a842cd 100644 --- a/src/charon/sa/tasks/ike_cert_pre.c +++ b/src/charon/sa/tasks/ike_cert_pre.c @@ -97,7 +97,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) else { DBG1(DBG_IKE, "received cert request for unknown ca " - "\"%D\"", id); + "with keyid %D", id); auth->add_item(auth, AUTHN_CA_CERT_KEYID, id); } id->destroy(id); |