Use x509_crt_verify_info() in programs

2015-04-17 16:32:21 +02:00 · 2015-04-17 16:32:21 +02:00 · 0c6ce2f536
commit 0c6ce2f536
parent 39a183a629
7 changed files with 52 additions and 129 deletions
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@ -203,24 +203,16 @@ int main( void )
     */
    polarssl_printf( "  . Verifying peer X.509 certificate..." );

-    /* In real life, we may want to bail out when ret != 0 */
+    /* In real life, we probably want to bail out when ret != 0 */
    if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
    {
+        char vrfy_buf[512];
+
        polarssl_printf( " failed\n" );

-        if( ( ret & BADCERT_EXPIRED ) != 0 )
-            polarssl_printf( "  ! server certificate has expired\n" );
+        x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", ret );

-        if( ( ret & BADCERT_REVOKED ) != 0 )
-            polarssl_printf( "  ! server certificate has been revoked\n" );
-
-        if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
-            polarssl_printf( "  ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
-
-        if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
-            polarssl_printf( "  ! self-signed or not signed by a trusted CA\n" );
-
-        polarssl_printf( "\n" );
+        polarssl_printf( "%s\n", vrfy_buf );
    }
    else
        polarssl_printf( " ok\n" );