diff --git a/lib/ca_certs.ml b/lib/ca_certs.ml index 67a584f..7922434 100644 --- a/lib/ca_certs.ml +++ b/lib/ca_certs.ml @@ -65,12 +65,15 @@ let ( let* ) = Result.bind let windows_trust_anchors () = let* anchors = get_anchors () in let cert_list = - List.fold_left (fun acc cert -> + List.fold_left + (fun acc cert -> match X509.Certificate.decode_der cert with | Ok cert -> cert :: acc - | Error `Msg msg -> - Log.warn (fun m -> m "ignoring certificate: %s" msg); - acc) + | Error (`Msg msg) -> + Log.warn (fun m -> m "Failed to decode a trust anchor: %s" msg); + Log.debug (fun m -> + m "Full certificate:@.%a" (Ohex.pp_hexdump ()) cert); + acc) [] anchors in Ok (X509.Certificate.encode_pem_multiple cert_list) diff --git a/test/tests.ml b/test/tests.ml index 07eb528..aa1bf01 100644 --- a/test/tests.ml +++ b/test/tests.ml @@ -1020,8 +1020,8 @@ let () = Logs.set_level ~all:true (Some Logs.Debug); match ta () with | Ok tas -> - Alcotest.run "verification tests" - [ ("X509 certificate validation", tests tas) ] - | Error `Msg msg -> - Logs.err (fun m -> m "error %s in ta()" msg); - exit 1 + Alcotest.run "verification tests" + [ ("X509 certificate validation", tests tas) ] + | Error (`Msg msg) -> + Logs.err (fun m -> m "error %s in ta()" msg); + exit 1