Просмотр исходного кода

fix for displaying invalid cert when cert is actually valid

Bryan Heden 9 лет назад
Родитель
Сommit
51a264813d
2 измененных файлов с 3 добавлено и 3 удалено
  1. 1 1
      src/check_nrpe.c
  2. 2 2
      src/nrpe.c

+ 1 - 1
src/check_nrpe.c

@@ -1080,7 +1080,7 @@ int connect_to_remote()
 
 			if (peer) {
 				if (sslprm.log_opts & SSL_LogIfClientCert)
-					logit(LOG_NOTICE, "SSL %s has %s certificate", rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
+					logit(LOG_NOTICE, "SSL %s has %s certificate", rem_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
 
 				if (sslprm.log_opts & SSL_LogCertDetails) {
 					X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));

+ 2 - 2
src/nrpe.c

@@ -1947,8 +1947,8 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
 
 		if (peer) {
 			if (sslprm.log_opts & SSL_LogIfClientCert)
-				logit(LOG_NOTICE, "SSL Client %s has %svalid certificate",
-					   remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
+				logit(LOG_NOTICE, "SSL Client %s has %s certificate",
+					   remote_host, SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid");
 
 			if (sslprm.log_opts & SSL_LogCertDetails) {