tls: add logging of expected/received hashes on failures
BUG=None
Change-Id: I8e9a4e69c520e1ee1edeb7f45f039f2cda400a50
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/265869
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#37268}
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index d6f6621..bc1c5be 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -43,6 +43,7 @@
#include "rtc_base/openssl_utility.h"
#include "rtc_base/ssl_certificate.h"
#include "rtc_base/stream.h"
+#include "rtc_base/string_encode.h"
#include "rtc_base/thread.h"
#include "rtc_base/time_utils.h"
#include "system_wrappers/include/field_trial.h"
@@ -1131,7 +1132,10 @@
Buffer computed_digest(digest, digest_length);
if (computed_digest != peer_certificate_digest_value_) {
RTC_LOG(LS_WARNING)
- << "Rejected peer certificate due to mismatched digest.";
+ << "Rejected peer certificate due to mismatched digest using "
+ << peer_certificate_digest_algorithm_ << ". Expected "
+ << rtc::hex_encode_with_delimiter(peer_certificate_digest_value_, ':')
+ << " got " << rtc::hex_encode_with_delimiter(computed_digest, ':');
return false;
}
// Ignore any verification error if the digest matches, since there is no
