diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java index f0fae971..cbb4683a 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java @@ -119,7 +119,8 @@ else if (this.callingEngine != null) { } } catch (CertificateException e) { WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "X509ExtendedTrustManager hostname verification failed"); + "X509ExtendedTrustManager hostname verification failed: " + + e.getMessage()); return 0; } @@ -139,6 +140,17 @@ else if (this.callingEngine != null) { private boolean VerifyCertChainWithTrustManager(X509Certificate[] certs, String authType) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Verifying peer with X509TrustManager: " + this.tm); + if (this.tm instanceof X509ExtendedTrustManager) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "X509TrustManager of type X509ExtendedTrustManager"); + } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "X509TrustManager of type X509TrustManager"); + } + try { /* Call TrustManager to do cert verification, should throw * CertificateException if verification fails */ @@ -211,7 +223,8 @@ else if (this.callingEngine != null) { } catch (Exception e) { /* TrustManager rejected certificate, not valid */ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "TrustManager rejected certificates, verification failed"); + "TrustManager rejected certificates, verification failed: " + + e.getMessage()); return false; } @@ -264,7 +277,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { } catch (WolfSSLException e) { /* failed to get certs from native, give app null array */ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "Failed to get certs from x509StorePtr, certs = null"); + "Failed to get certs from x509StorePtr, certs = null: " + + e.getMessage()); certs = null; } @@ -282,7 +296,7 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { /* failed to get cert array, give app empty array */ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "Failed to get X509Certificate[] array, set to " + - "empty array"); + "empty array: " + ce.getMessage()); x509certs = new X509Certificate[0]; } diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java index f5b915db..ca196f0f 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java @@ -421,6 +421,10 @@ private List certManagerVerify( fullChain.add(rootCA); } } + else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Not returning cert chain from verify, not requested"); + } return fullChain; } @@ -695,6 +699,9 @@ public void checkClientTrusted(X509Certificate[] certs, String type) /* Verify cert chain, throw CertificateException if not valid */ certManagerVerify(certs, type, false); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkClientTrusted(), success"); } /** @@ -733,6 +740,9 @@ public void checkClientTrusted(X509Certificate[] certs, String type, /* Verify hostname if right criteria matches */ verifyHostname(certs[0], socket, null, false); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkClientTrusted(Socket), success"); } @Override @@ -755,6 +765,9 @@ public void checkClientTrusted(X509Certificate[] certs, String type, /* Verify hostname if right criteria matches */ verifyHostname(certs[0], null, engine, false); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkClientTrusted(SSLEngine), success"); } /** @@ -787,6 +800,9 @@ public void checkServerTrusted(X509Certificate[] certs, String type) /* Verify cert chain, throw CertificateException if not valid */ certManagerVerify(certs, type, false); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkServerTrusted(certs, type), success"); } @Override @@ -809,6 +825,9 @@ public void checkServerTrusted(X509Certificate[] certs, String type, /* Verify hostname if right criteria matches */ verifyHostname(certs[0], socket, null, true); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkServerTrusted(certs, type, Socket), success"); } @Override @@ -831,6 +850,9 @@ public void checkServerTrusted(X509Certificate[] certs, String type, /* Verify hostname if right criteria matches */ verifyHostname(certs[0], null, engine, true); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkServerTrusted(certs, type, SSLEngine), success"); } /** @@ -851,10 +873,17 @@ public void checkServerTrusted(X509Certificate[] certs, String type, public List checkServerTrusted(X509Certificate[] certs, String type, String host) throws CertificateException { + List certList = null; + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "entered checkServerTrusted()"); + "entered checkServerTrusted(cert, type, host)"); + + certList = certManagerVerify(certs, type, true); + + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "leaving checkServerTrusted(certs, type, host), success"); - return certManagerVerify(certs, type, true); + return certList; } /**