From beb609ffcf8c24c133f59829e0d3d82102661b82 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Thu, 27 May 2021 15:32:08 +0200
Subject: check_curl: - added verbose output in verify_callback - pin
 refcounting for certs (avoid subject extraction error when checking   certs
 in is_openssl_callback mode)


diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 3e0a6f9..59e398b 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -285,6 +285,18 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
    * TODO: is the last certificate always the server certificate?
    */
   cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+  X509_up_ref(cert);
+  if (verbose>=2) {
+    puts("* SSL verify callback with certificate:");
+    X509_NAME *subject, *issuer;
+    printf("*   issuer:\n");
+    issuer = X509_get_issuer_name( cert );
+    X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE);
+    printf("* curl verify_callback:\n*   subject:\n");
+    subject = X509_get_subject_name( cert );
+    X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE);
+    puts("");
+  }
   return 1;
 }
 
-- 
cgit v0.10-9-g596f