Use x509_crt_verify_info() in programs

commit: 0c6ce2f536941413278f981f0aea169272af914c [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 17 16:32:21 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 17 19:57:21 2015 +0200
tree: 931cbbbdb9ecca5e6c7dd9c9ab6a8806046bf61f
parent: 39a183a629696d860f2342dd3e5094231e5e06ed [diff] [blame]
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d1bc36e..095fabd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -1626,21 +1626,13 @@
 
     if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
     {
+        char vrfy_buf[512];
+
         polarssl_printf( " failed\n" );
 
-        if( !ssl_get_peer_cert( &ssl ) )
-            polarssl_printf( "  ! no client certificate sent\n" );
+        x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", ret );
 
-        if( ( ret & BADCERT_EXPIRED ) != 0 )
-            polarssl_printf( "  ! client certificate has expired\n" );
-
-        if( ( ret & BADCERT_REVOKED ) != 0 )
-            polarssl_printf( "  ! client certificate has been revoked\n" );
-
-        if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
-            polarssl_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-        polarssl_printf( "\n" );
+        polarssl_printf( "%s\n", vrfy_buf );
     }
     else
         polarssl_printf( " ok\n" );
commit	0c6ce2f536941413278f981f0aea169272af914c	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Apr 17 16:32:21 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Apr 17 19:57:21 2015 +0200
tree	931cbbbdb9ecca5e6c7dd9c9ab6a8806046bf61f
parent	39a183a629696d860f2342dd3e5094231e5e06ed [diff] [blame]