From 1ee9c0925b5aa99113fff9b9483868290cf921ae Mon Sep 17 00:00:00 2001 From: Shane Kearns Date: Fri, 6 Jan 2012 16:50:23 +0000 Subject: [PATCH] SSL - dump failed certificate chains when debug logging is enabled This is to help us debug problems with CA certificates. Code is not compiled by default, only when QtNetwork is built with QSSLSOCKET_DEBUG defined Change-Id: I404c36bf4c6bf1190f480196038197be30b4b5f9 Reviewed-by: Peter Hartmann Reviewed-by: Richard J. Moore --- src/network/ssl/qsslsocket_openssl.cpp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index ab40f15cde..96b2c8170b 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -225,6 +225,27 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx) if (!ok) { // Store the error and at which depth the error was detected. _q_sslErrorList()->errors << qMakePair(ctx->error, ctx->error_depth); +#ifdef QSSLSOCKET_DEBUG + qDebug() << "verification error: dumping bad certificate"; + qDebug() << QSslCertificatePrivate::QSslCertificate_from_X509(ctx->current_cert).toPem(); + qDebug() << "dumping chain"; + foreach (QSslCertificate cert, QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ctx->chain)) { + QString certFormat(QStringLiteral("O=%1 CN=%2 L=%3 OU=%4 C=%5 ST=%6")); + qDebug() << "Issuer:" << "O=" << cert.issuerInfo(QSslCertificate::Organization) + << "CN=" << cert.issuerInfo(QSslCertificate::CommonName) + << "L=" << cert.issuerInfo(QSslCertificate::LocalityName) + << "OU=" << cert.issuerInfo(QSslCertificate::OrganizationalUnitName) + << "C=" << cert.issuerInfo(QSslCertificate::CountryName) + << "ST=" << cert.issuerInfo(QSslCertificate::StateOrProvinceName); + qDebug() << "Subject:" << "O=" << cert.subjectInfo(QSslCertificate::Organization) + << "CN=" << cert.subjectInfo(QSslCertificate::CommonName) + << "L=" << cert.subjectInfo(QSslCertificate::LocalityName) + << "OU=" << cert.subjectInfo(QSslCertificate::OrganizationalUnitName) + << "C=" << cert.subjectInfo(QSslCertificate::CountryName) + << "ST=" << cert.subjectInfo(QSslCertificate::StateOrProvinceName); + qDebug() << "Valid:" << cert.effectiveDate() << "-" << cert.expiryDate(); + } +#endif } // Always return OK to allow verification to continue. We're handle the // errors gracefully after collecting all errors, after verification has