Diffstat (limited to 'crypto/cmp/cmp_vfy.c')
-rw-r--r-- | crypto/cmp/cmp_vfy.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index b50a3fe83a..86e39d262e 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -552,6 +552,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) { X509 *scrt; + ossl_cmp_debug(ctx, "validating CMP message"); if (ctx == NULL || msg == NULL || msg->header == NULL || msg->body == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); @@ -593,8 +594,11 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) default: break; } + ossl_cmp_debug(ctx, + "sucessfully validated PBM-based CMP message protection"); return 1; } + ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed"); break; /* @@ -615,9 +619,13 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) return 1; } else { /* use pinned sender cert */ /* use ctx->srvCert for signature check even if not acceptable */ - if (verify_signature(ctx, msg, scrt)) + if (verify_signature(ctx, msg, scrt)) { + ossl_cmp_debug(ctx, + "sucessfully validated signature-based CMP message protection"); + return 1; - ossl_cmp_warn(ctx, "msg signature verification failed"); + } + ossl_cmp_warn(ctx, "CMP message signature verification failed"); CMPerr(0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG); } break; |
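Review bot: In the first hunk the added `ossl_cmp_debug(ctx, "validating CMP message");` runs before the `ctx == NULL` guard on the lines that follow, so the logger receives a context that has not been checked yet. That is only safe if ossl_cmp_debug tolerates a NULL ctx, which this hunk does not show. Moving the call to just after the `CMP_R_NULL_ARGUMENT` guard removes that dependency and keeps argument validation as the first thing this verification entry point does. The body of OSSL_CMP_validate_msg continues outside the hunk.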
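Review bot: The success message added in the second hunk spells "sucessfully" with one "c", and the signature-based success message in the third hunk (at -615) has the same misspelling. These strings are written to the CMP log, so a search or alert rule that matches "successfully validated" will miss both lines. They should read `"successfully validated PBM-based CMP message protection"` and `"successfully validated signature-based CMP message protection"`. The third hunk also rewords the failure warning to "CMP message signature verification failed", so any existing log match on the old "msg signature verification failed" text needs updating alongside this commit.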