commit 89addc43dbc547fccf3e4b1d54bd67289a1459d2
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 20 10:56:18 2015 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 20 11:23:11 2015 +0100
tree 288194c5e44a33a3c06204291dd7a761f8f6b8ac
parent b5f48ad82fb540835916a2687a2fabdf01e1d829

manually merge 0c6ce2f use x509_crt_verify_info()

programs/x509/cert_app.c

diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 0ebed1a..2593b5e 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -128,29 +128,13 @@
     mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
     mbedtls_printf( "%s", buf );
 
-    if( ( (*flags) & MBEDTLS_BADCERT_EXPIRED ) != 0 )
-        mbedtls_printf( "  ! server certificate has expired\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
-        mbedtls_printf( "  ! server certificate has been revoked\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
-        mbedtls_printf( "  ! CN mismatch\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
-        mbedtls_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCRL_NOT_TRUSTED ) != 0 )
-        mbedtls_printf( "  ! CRL not trusted\n" );
-
-    if( ( (*flags) & MBEDTLS_X509_BADCRL_EXPIRED ) != 0 )
-        mbedtls_printf( "  ! CRL expired\n" );
-
-    if( ( (*flags) & MBEDTLS_BADCERT_OTHER ) != 0 )
-        mbedtls_printf( "  ! other (unknown) flag\n" );
-
     if ( ( *flags ) == 0 )
         mbedtls_printf( "  This certificate has no flags\n" );
+    else
+    {
+        mbedtls_x509_crt_verify_info( buf, sizeof( buf ), "  ! ", *flags );
+        mbedtls_printf( "%s\n", buf );
+    }
 
     return( 0 );
 }
@@ -358,21 +342,13 @@
             if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
                                          my_verify, NULL ) ) != 0 )
             {
+                char vrfy_buf[512];
+
                 mbedtls_printf( " failed\n" );
 
-                if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
-                    mbedtls_printf( "  ! server certificate has expired\n" );
+                mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", ret );
 
-                if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
-                    mbedtls_printf( "  ! server certificate has been revoked\n" );
-
-                if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
-                    mbedtls_printf( "  ! CN mismatch (expected CN=%s)\n", opt.server_name );
-
-                if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
-                    mbedtls_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-                mbedtls_printf( "\n" );
+                mbedtls_printf( "%s\n", vrfy_buf );
             }
             else
                 mbedtls_printf( " ok\n" );