Skip Menu |

Subject: git commit

Improve PKINIT OpenSSL error reporting

When a non-trivial OpenSSL function fails during PKINIT processing,
try to ensure that the error message includes an indication of the
what PKINIT was doing and the reason for the first queued OpenSSL
error, and flush all queued OpenSSL errors to the trace log. For
certificate verification failures, also include the higher-level error
from the cert store. Add new helper functions oerr() and oerr_cert()
to minimize the amount of code needed to handle each error.
Author: Greg Hudson <>
Commit: 7621d2f9a87214327ca3b2594e34dc7cea84596b
Branch: master
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 146 ++++++++++++--------
src/plugins/preauth/pkinit/pkinit_trace.h | 4 +
2 files changed, 89 insertions(+), 61 deletions(-)