Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

manually merge 0c6ce2f use x509_crt_verify_info()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-20 10:56:18 +01:00
parent b5f48ad82f
commit 89addc43db
7 changed files with 55 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

42
programs/x509/cert_app.c
View file

@ -128,29 +128,13 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, int *flags )
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
mbedtls_printf( "%s", buf );
if( ( (*flags) & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
if( ( (*flags) & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( (*flags) & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch\n" );
if( ( (*flags) & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
if( ( (*flags) & MBEDTLS_X509_BADCRL_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! CRL not trusted\n" );
if( ( (*flags) & MBEDTLS_X509_BADCRL_EXPIRED ) != 0 )
mbedtls_printf( " ! CRL expired\n" );
if( ( (*flags) & MBEDTLS_BADCERT_OTHER ) != 0 )
mbedtls_printf( " ! other (unknown) flag\n" );
if ( ( *flags ) == 0 )
mbedtls_printf( " This certificate has no flags\n" );
else
{
mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
mbedtls_printf( "%s\n", buf );
}
return( 0 );
}
@ -358,21 +342,13 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
my_verify, NULL ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
mbedtls_printf( "\n" );
mbedtls_printf( "%s\n", vrfy_buf );
}
else
mbedtls_printf( " ok\n" );