Add x509_crt_verify_info()
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index fe27007..24f7c7a 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -203,6 +203,21 @@
const x509_crt *crt );
/**
+ * \brief Returns an informational string about the
+ * verification status of a certificate.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param flags Verification flags created by x509_crt_verify()
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+ int flags );
+
+/**
* \brief Verify the certificate signature
*
* The verify callback is a user-supplied callback that
@@ -219,6 +234,9 @@
* are also returned to the application. The function should
* return 0 for anything but a fatal error.
*
+ * \note In case verification failed, the results can be displayed
+ * using \c x509_crt_verify_info()
+ *
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
@@ -229,12 +247,8 @@
* \param p_vrfy verification parameter
*
* \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
- * in which case *flags will have one or more of
- * the following values set:
- * BADCERT_EXPIRED --
- * BADCERT_REVOKED --
- * BADCERT_CN_MISMATCH --
- * BADCERT_NOT_TRUSTED
+ * in which case *flags will have one or more BADCERT_XXX or
+ * BADCRL_XXX flags set,
* or another error in case of a fatal error encountered
* during the verification process.
*/