manually merge 0c6ce2f use x509_crt_verify_info()
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b536c22..b6d41c5 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1910,21 +1910,13 @@
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
+ char vrfy_buf[512];
+
mbedtls_printf( " failed\n" );
- if( !mbedtls_ssl_get_peer_cert( &ssl ) )
- mbedtls_printf( " ! no client certificate sent\n" );
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
- if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
- mbedtls_printf( " ! client certificate has expired\n" );
-
- if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
- mbedtls_printf( " ! client certificate has been revoked\n" );
-
- if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
- mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
-
- mbedtls_printf( "\n" );
+ mbedtls_printf( "%s\n", vrfy_buf );
}
else
mbedtls_printf( " ok\n" );