apache2-ssl-report-cert.patch

--- modules/ssl/ssl_engine_kernel.c	2010-10-14 13:14:51.000000000 +0200
+++ modules/ssl/ssl_engine_kernel.c	2010-10-14 13:40:29.000000000 +0200
@@ -1378,9 +1378,33 @@ int ssl_callback_SSLVerify(int ok, X509_
      * If we already know it's not ok, log the real reason
      */
     if (!ok) {
-        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
-                      "Certificate Verification: Error (%d): %s",
-                      errnum, X509_verify_cert_error_string(errnum));
+        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+        BIO *bio = BIO_new(BIO_s_mem());
+        char buff[512]; /* should be plenty */
+        int n;
+
+        if (bio) {
+            BIO_printf(bio, "Certificate Verification: Error (%d): %s",
+                       errnum, X509_verify_cert_error_string(errnum));
+
+            BIO_printf(bio, "; subject: ");
+            X509_NAME_print(bio, X509_get_subject_name(cert), 0);
+
+            BIO_printf(bio, ", issuer: ");
+            X509_NAME_print(bio, X509_get_issuer_name(cert), 0);
+
+            BIO_printf(bio, ", notbefore: ");
+            ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
+
+            BIO_printf(bio, ", notafter: ");
+            ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
+
+            n = BIO_read(bio, buff, sizeof(buff) - 1);
+            buff[n] = '\0';
+            BIO_free(bio);
+
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, "%s", buff);
+	}
 
         if (sslconn->client_cert) {
             X509_free(sslconn->client_cert);