Description of problem:
Repo auth is using OpenSSL's X509_STORE_CONTEXT::verify_cert() to validate a certificate.
If this is successful it returns 1, on failure 0.
We could add a callback into M2Crypto and OpenSSL which would tell us more information about why a certificate failed verification.
When a certificate fails verification we want to log a reason in Apache's logs.
Refer to the m2crypto patches below for possible solutions to exposing the verify callback.
and Patch: https://bugzilla.osafoundation.org/attachment.cgi?id=5710
The patched version of m2crypto was removed with commit f435a14. It looks like there is logging in the current cert verification that should be sufficient.
Marking bz as closed/currentrelease but feel free to re-open if you see any particular use cases that are not logged appropriately.