On 03.05.16 at 22:14, Steffan Karger wrote: > Instead of just printing the contents of the flags variable, try to > convert it to a human-readable error string and print that instead. > > This will for example print "The certificate is signed with an > unacceptable key (eg bad curve, RSA too short).", instead of > "flags=10000". > > Signed-off-by: Steffan Karger <stef...@karger.me> > --- > Changes.rst | 5 ++++- > src/openvpn/ssl_verify_mbedtls.c | 20 +++++++++++++++++--- > 2 files changed, 21 insertions(+), 4 deletions(-) > > diff --git a/Changes.rst b/Changes.rst > index 5034b15..dc9131b 100644 > --- a/Changes.rst > +++ b/Changes.rst > @@ -91,10 +91,13 @@ User-visible Changes > * Non-ephemeral key exchange using static (EC)DH keys > * DSS private keys > > -- PolarSSL builds: changed the tls_digest_N values exported to the script > +- mbed TLS builds: changed the tls_digest_N values exported to the script > environment to be equal to the ones exported by OpenSSL builds, namely > the certificate fingerprint (was the hash of the 'to be signed' data). > > +- mbed TLS builds: minimum RSA key size is now 2048 bits. Shorter keys will > + not be accepted, both local and from the peer. > +
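Review bot: The new Changes.rst entry "minimum RSA key size is now 2048 bits" at the end of the hunk, and the PolarSSL to mbed TLS rename in the tls_digest_N entry above it, are not covered by the commit message, which only describes printing a human-readable error string instead of the raw flags value. Either mention the Changes.rst updates in the commit message or move them to their own commit, so that someone searching the history for the key-size change can find it. It would also help operators if the new entry said what a rejected key looks like in the log, for example by pointing at the "unacceptable key (eg bad curve, RSA too short)" message quoted in the commit message, since a short peer certificate key will surface as a verification failure rather than a configuration error.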
ACK. And thanks for maintaining Changes.rst

Arne