For connects and certificate-verifies denied by event actions, log

[exim.git] / src / src / tls-gnu.c

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1966c557dc0f440cc1b3d9c93caebd0344aed628..04de02d7431d1f59d64a34719d1033fc6df1c58f 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1559,6 +1559,7 @@ const gnutls_datum * cert_list;
 unsigned int cert_list_size = 0;
 gnutls_x509_crt_t crt;
 int rc;
+uschar * yield;
 exim_gnutls_state_st * state = gnutls_session_get_ptr(session);
 
 cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
@@ -1574,11 +1575,12 @@ if (cert_list)
     }
 
   state->tlsp->peercert = crt;
-  if (event_raise(state->event_action,
-             US"tls:cert", string_sprintf("%d", cert_list_size)) == DEFER)
+  if ((yield = event_raise(state->event_action,
+             US"tls:cert", string_sprintf("%d", cert_list_size))))
     {
     log_write(0, LOG_MAIN,
-             "SSL verify denied by event-action: depth=%d", cert_list_size);
+             "SSL verify denied by event-action: depth=%d: %s",
+             cert_list_size, yield);
     return 1;                     /* reject */
     }
   state->tlsp->peercert = NULL;