manually merge 39a183a add x509_crt_verify_info()
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 23d7fb9..880099b 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -202,6 +202,21 @@
const mbedtls_x509_crt *crt );
/**
+ * \brief Returns an informational string about the
+ * verification status of a certificate.
+ *
+ * \param buf Buffer to write to
+ * \param size Maximum size of buffer
+ * \param prefix A line prefix
+ * \param flags Verification flags created by mbedtls_x509_crt_verify()
+ *
+ * \return The amount of data written to the buffer, or -1 in
+ * case of an error.
+ */
+int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+ int flags );
+
+/**
* \brief Verify the certificate signature
*
* The verify callback is a user-supplied callback that
@@ -218,6 +233,9 @@
* are also returned to the application. The function should
* return 0 for anything but a fatal error.
*
+ * \note In case verification failed, the results can be displayed
+ * using \c mbedtls_x509_crt_verify_info()
+ *
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
@@ -228,12 +246,9 @@
* \param p_vrfy verification parameter
*
* \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
- * in which case *flags will have one or more of
- * the following values set:
- * MBEDTLS_BADCERT_EXPIRED --
- * MBEDTLS_X509_BADCERT_REVOKED --
- * MBEDTLS_X509_BADCERT_CN_MISMATCH --
- * MBEDTLS_X509_BADCERT_NOT_TRUSTED
+ * in which case *flags will have one or more
+ * MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ * set,
* or another error in case of a fatal error encountered
* during the verification process.
*/