From 7e8ac1eb59ceffcf3c8443abaa6759679273affc Mon Sep 17 00:00:00 2001
From: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Tue, 6 Sep 2022 13:36:58 +0300
Subject: [PATCH] certs: misleading message (#6004)

---
 src/etc/inc/certs.inc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index a7f9fd6cc..0113fb9f0 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -700,8 +700,13 @@ function crl_update(&$crl)
             $x509_cert = new X509();
             $x509_cert->loadCA($ca_str_crt);
             $raw_cert = $x509_cert->loadX509(base64_decode($cert['crt']));
-            if (!$x509_cert->validateSignature(false)) {
-                syslog(LOG_ERR, "Cert revocation error: CA validation failed.");
+            try {
+                if (!$x509_cert->validateSignature(false)) {
+                    syslog(LOG_ERR, "Cert revocation error: Revoked certificate validation failed.");
+                    return false;
+                }
+            } catch (Exception $e) {
+                syslog(LOG_ERR, 'Cert revocation error: Revoked certificate validation failed ' . $e);
                 return false;
             }
             /* Get serial number of cert */