From 117e692a7df83b72f12171931fe5f22c4aae566f Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Fri, 17 Jun 2022 14:14:55 +0200
Subject: [PATCH] tls: add logging of expected/received hashes on failures

BUG=None
Change-Id: I8e9a4e69c520e1ee1edeb7f45f039f2cda400a50
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/265869
Reviewed-by: Harald Alvestrand
Commit-Queue: Harald Alvestrand
Cr-Commit-Position: refs/heads/main@{#37268}
---
 rtc_base/openssl_stream_adapter.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index d6f6621b2d..bc1c5be66d 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -43,6 +43,7 @@
 #include "rtc_base/openssl_utility.h"
 #include "rtc_base/ssl_certificate.h"
 #include "rtc_base/stream.h"
+#include "rtc_base/string_encode.h"
 #include "rtc_base/thread.h"
 #include "rtc_base/time_utils.h"
 #include "system_wrappers/include/field_trial.h"
@@ -1131,7 +1132,10 @@ bool OpenSSLStreamAdapter::VerifyPeerCertificate() {
 Buffer computed_digest(digest, digest_length);
 if (computed_digest != peer_certificate_digest_value_) {
 RTC_LOG(LS_WARNING)
- << "Rejected peer certificate due to mismatched digest.";
+ << "Rejected peer certificate due to mismatched digest using "
+ << peer_certificate_digest_algorithm_ << ". Expected "
+ << rtc::hex_encode_with_delimiter(peer_certificate_digest_value_, ':')
+ << " got " << rtc::hex_encode_with_delimiter(computed_digest, ':');
 return false;
 }
 // Ignore any verification error if the digest matches, since there is no
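Review bot: In the new warning in `VerifyPeerCertificate()`, `peer_certificate_digest_algorithm_` is streamed into the log unencoded while both digests go through `hex_encode_with_delimiter`, so the algorithm name is the only value in this message that could carry arbitrary characters into a log line. Where that member is assigned is outside the hunk, so it is worth confirming that it is restricted to a known set of algorithm names before it is stored. The digests are hashes of a certificate rather than secret material, and a short comment above the log call would save the next reader from wondering about that, e.g. `// Certificate digests are not secret; logging both sides aids mismatch triage.` The function body starts and ends outside the hunk.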