- Information about missing or non-verified client certificate is not provided as well.
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 4305074..eda5221 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -85,12 +85,14 @@
* \name X509 Verify codes
* \{
*/
-#define BADCERT_EXPIRED 1 /**< The certificate validity has expired. */
-#define BADCERT_REVOKED 2 /**< The certificate has been revoked (is on a CRL). */
-#define BADCERT_CN_MISMATCH 4 /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define BADCERT_NOT_TRUSTED 8 /**< The certificate is not correctly signed by the trusted CA. */
-#define BADCRL_NOT_TRUSTED 16 /**< CRL is not correctly signed by the trusted CA. */
-#define BADCRL_EXPIRED 32 /**< CRL is expired. */
+#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
+#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
+#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
+#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
+#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
+#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
+#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
/* \} name */
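Review bot: The comments on `BADCERT_MISSING` and `BADCERT_SKIP_VERIFY` do not say that these two bits mean no verification took place, unlike the six existing codes, which each describe a failed check. A caller that tests only selected bits, for example `verify_result & BADCERT_NOT_TRUSTED`, would accept a peer whose certificate was absent or never checked. The group comment should state that only a result of 0 means the peer certificate was verified. I would also reword the two entries to `/**< No peer certificate was presented; the peer is unauthenticated. */` and `/**< Verification was not performed (authmode SSL_VERIFY_NONE); the peer is unauthenticated. */`.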
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6f36e26..27c456a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1280,6 +1280,7 @@
if( ssl->endpoint == SSL_IS_SERVER &&
ssl->authmode == SSL_VERIFY_NONE )
{
+ ssl->verify_result = BADCERT_SKIP_VERIFY;
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
ssl->state++;
return( 0 );
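Review bot: `BADCERT_SKIP_VERIFY` is recorded only in the branch guarded by `ssl->endpoint == SSL_IS_SERVER`, so this hunk does not show what a client configured with `SSL_VERIFY_NONE` ends up with in `verify_result`. If the verification step later in this function is skipped for that authmode without touching the field, the client's result could remain 0 and read as a successful verification. That path is outside the hunk and should be confirmed. If it does skip verification, the same `ssl->verify_result = BADCERT_SKIP_VERIFY;` belongs there, so that a zero result always means a certificate was actually checked.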
@@ -1306,6 +1307,7 @@
{
SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
+ ssl->verify_result = BADCERT_MISSING;
if( ssl->authmode == SSL_VERIFY_OPTIONAL )
return( 0 );
else
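Review bot: With `SSL_VERIFY_OPTIONAL` the function returns 0 immediately after recording `BADCERT_MISSING`, so the handshake completes with an unauthenticated client and the only trace is `verify_result`; nothing in the code says the application is now responsible for checking it. The same applies to the TLSv1 branch in the hunk at `@@ -1323,6 +1325,7 @@`. I would add a comment above both assignments, such as `/* Optional auth: handshake continues; the application must check ssl_get_verify_result() before trusting the peer */`. The enclosing block starts and ends outside the hunk, so the `else` path is not reviewed here.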
@@ -1323,6 +1325,7 @@
{
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+ ssl->verify_result = BADCERT_MISSING;
if( ssl->authmode == SSL_VERIFY_REQUIRED )
return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
else