author | beck <beck@openbsd.org> | 2020-04-10 19:28:57 +0000 |
---|---|---|
committer | beck <beck@openbsd.org> | 2020-04-10 19:28:57 +0000 |
commit | 3bb23d5394a41073f59fe310926f9b2c35d63874 (patch) | |
tree | 61493b69a6d31357539890edac972b4c7765a835 /usr.sbin/smtpd | |
parent | sync cert.pem with Mozilla's root ca list, ok beck@ (diff) | |
When failing to validate a peer TLS certificate in the MTA due to the
desired name of the MX not being present in the certificate, log that
this is the reason for the failure and the name we couldn't find in
the cert.
ok millert@ martijn@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r-- | usr.sbin/smtpd/mta_session.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c index e109e662a10..8710d379f6e 100644 --- a/usr.sbin/smtpd/mta_session.c +++ b/usr.sbin/smtpd/mta_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mta_session.c,v 1.133 2020/02/24 23:54:27 millert Exp $ */ +/* $OpenBSD: mta_session.c,v 1.134 2020/04/10 19:28:57 beck Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -1664,8 +1664,12 @@ mta_cert_verify_cb(void *arg, int status) match = 0; (void)ssl_check_name(cert, s->mxname, &match); X509_free(cert); - if (!match) + if (!match) { + log_info("%016"PRIx64" mta " + "ssl_check_name: no match for '%s' in cert", + s->id, s->mxname); status = CERT_INVALID; + } } } |
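Review bot: in the mta_cert_verify_cb hunk, the new log_info sits under `if (!match)`, but the return value of ssl_check_name is still discarded with `(void)` and match is preset to 0, so a failure inside ssl_check_name itself would be logged as "no match for '%s' in cert", the same as a genuine name mismatch. Consider checking the return value and logging that case with a different message, so the log line can be trusted when triaging failed TLS verification. Keeping the format string on a single source line would also make the message easier to grep for.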