Add x509_crt_verify_info()

2015-04-17 16:14:32 +02:00 · 2015-04-17 16:14:32 +02:00 · 39a183a629
commit 39a183a629
parent 23c0608e28
6 changed files with 115 additions and 8 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1382,6 +1382,57 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
    return( (int) ( size - n ) );
 }

+struct x509_crt_verify_string {
+    int code;
+    const char *string;
+};
+
+static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
+    { BADCERT_EXPIRED,       "The certificate validity has expired" },
+    { BADCERT_REVOKED,       "The certificate has been revoked (is on a CRL)" },
+    { BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) does not match with the expected CN" },
+    { BADCERT_NOT_TRUSTED,   "The certificate is not correctly signed by the trusted CA" },
+    { BADCRL_NOT_TRUSTED,    "The CRL is not correctly signed by the trusted CA" },
+    { BADCRL_EXPIRED,        "The CRL is expired" },
+    { BADCERT_MISSING,       "Certificate was missing" },
+    { BADCERT_SKIP_VERIFY,   "Certificate verification was skipped" },
+    { BADCERT_OTHER,         "Other reason (can be used by verify callback)" },
+    { BADCERT_FUTURE,        "The certificate validity starts in the future" },
+    { BADCRL_FUTURE,         "The CRL is from the future" },
+    { BADCERT_KEY_USAGE,     "Usage does not match the keyUsage extension" },
+    { BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
+    { BADCERT_NS_CERT_TYPE,  "Usage does not match the nsCertType extension" },
+    { 0, NULL }
+};
+
+int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+                          int flags )
+{
+    int ret;
+    const struct x509_crt_verify_string *cur;
+    char *p = buf;
+    size_t n = size;
+
+    for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
+    {
+        if( ( flags & cur->code ) == 0 )
+            continue;
+
+        ret = polarssl_snprintf( p, n, "%s%s\n", prefix, cur->string );
+        SAFE_SNPRINTF();
+        flags ^= cur->code;
+    }
+
+    if( flags != 0 )
+    {
+        ret = polarssl_snprintf( p, n, "%sUnknown reason "
+                                       "(this should not happen)\n", prefix );
+        SAFE_SNPRINTF();
+    }
+
+    return( (int) ( size - n ) );
+}
+
 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
 int x509_crt_check_key_usage( const x509_crt *crt, int usage )
 {