- if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf))
- == -1)
- {
- Debug( LDAP_DEBUG_ANY,
- "TLS: unable to get common name from peer certificate.\n",
- 0, 0, 0 );
- } else if (strcasecmp(name, buf))
- {
- Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
- "common name in certificate (%s).\n",
- name, buf, 0 );
- ret = LDAP_CONNECT_ERROR;
- } else
- {
- ret = LDAP_SUCCESS;
+ if( X509_NAME_get_text_by_NID( xn, NID_commonName,
+ buf, sizeof(buf)) == -1)
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
+ "TLS unable to get common name from peer certificate.\n",
+ 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: unable to get common name from peer certificate.\n",
+ 0, 0, 0 );
+#endif
+ ld->ld_error = LDAP_STRDUP("TLS: unable to get CN from peer certificate");
+
+ } else if (strcasecmp(name, buf)) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
+ "TLS hostname (%s) does not match "
+ "common name in certificate (%s).\n", name, buf, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+ "common name in certificate (%s).\n",
+ name, buf, 0 );
+#endif
+ ret = LDAP_CONNECT_ERROR;
+ ld->ld_error = LDAP_STRDUP("TLS: hostname does not match CN in peer certificate");
+
+ } else {
+ ret = LDAP_SUCCESS;
+ }
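Review bot: The comparison on the `strcasecmp(name, buf)` line stops at the first NUL byte, but `X509_NAME_get_text_by_NID` can copy a common name that contains one, so a CN that only begins with the expected hostname and then carries a NUL would pass the check. Keep the returned length and reject the mismatch, e.g. `len = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));` followed by `} else if (len != (int)strlen(buf) || strcasecmp(name, buf)) {`. The branch for a missing CN sets `ld->ld_error` but not `ret`, so whether it fails closed depends on `ret`'s initial value outside these lines; an explicit `ret = LDAP_CONNECT_ERROR;` there would make the outcome visible. Both `ld->ld_error = LDAP_STRDUP(...)` assignments also overwrite any earlier message without freeing it, which presumably leaks if one was already set. The enclosing function begins and ends outside the visible lines.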