commit 89addc43dbc547fccf3e4b1d54bd67289a1459d2
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 20 10:56:18 2015 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 20 11:23:11 2015 +0100
tree 288194c5e44a33a3c06204291dd7a761f8f6b8ac
parent b5f48ad82fb540835916a2687a2fabdf01e1d829

manually merge 0c6ce2f use x509_crt_verify_info()

programs/ssl/ssl_client2.c

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 892ca17..b6c776a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -373,29 +373,13 @@
     mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
     mbedtls_printf( "%s", buf );
 
-    if( ( (*flags) & MBEDTLS_BADCERT_EXPIRED ) != 0 )
-        mbedtls_printf( "  ! server certificate has expired\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
-        mbedtls_printf( "  ! server certificate has been revoked\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
-        mbedtls_printf( "  ! CN mismatch\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
-        mbedtls_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCRL_NOT_TRUSTED ) != 0 )
-        mbedtls_printf( "  ! CRL not trusted\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCRL_EXPIRED ) != 0 )
-        mbedtls_printf( "  ! CRL expired\n" );
-
-    if( ( (*flags) & MBEDTLS_BADCERT_OTHER ) != 0 )
-        mbedtls_printf( "  ! other (unknown) flag\n" );
-
     if ( ( *flags ) == 0 )
         mbedtls_printf( "  This certificate has no flags\n" );
+    else
+    {
+        mbedtls_x509_crt_verify_info( buf, sizeof( buf ), "  ! ", *flags );
+        mbedtls_printf( "%s\n", buf );
+    }
 
     return( 0 );
 }
@@ -1287,21 +1271,13 @@
 
     if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
     {
+        char vrfy_buf[512];
+
         mbedtls_printf( " failed\n" );
 
-        if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
-            mbedtls_printf( "  ! server certificate has expired\n" );
+        mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", ret );
 
-        if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
-            mbedtls_printf( "  ! server certificate has been revoked\n" );
-
-        if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
-            mbedtls_printf( "  ! CN mismatch (expected CN=%s)\n", opt.server_name );
-
-        if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
-            mbedtls_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-        mbedtls_printf( "\n" );
+        mbedtls_printf( "%s\n", vrfy_buf );
     }
     else
         mbedtls_printf( " ok\n" );