author | Matt Caswell <matt@openssl.org> | 2015-06-25 12:28:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-07-07 21:57:12 +0100 |
commit | 7f3f41d816bb80e362a5978420f59030b3132c81 (patch) | |
tree | ec3a2e9bf351d8772c257ab495e6491f4000d9ce /apps/verify.c | |
parent | a64ba70dbb7e4886d7bae0b85a2a1070e22dd8fb (diff) |
Extend -show_chain option to verify to show more info
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps/verify.c')
-rw-r--r-- | apps/verify.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/apps/verify.c b/apps/verify.c
index f6cea31f40..a823d58a75 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -244,6 +244,7 @@ static int check(X509_STORE *ctx, char *file,
 int i = 0, ret = 0;
 X509_STORE_CTX *csc;
 STACK_OF(X509) *chain = NULL;
+ int num_untrusted;
 x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
 if (x == NULL)
@@ -265,8 +266,10 @@ static int check(X509_STORE *ctx, char *file,
 if (crls)
 X509_STORE_CTX_set0_crls(csc, crls);
 i = X509_verify_cert(csc);
- if (i > 0 && show_chain)
+ if (i > 0 && show_chain) {
 chain = X509_STORE_CTX_get1_chain(csc);
+ num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+ }
 X509_STORE_CTX_free(csc);
 ret = 0;
@@ -284,6 +287,9 @@ static int check(X509_STORE *ctx, char *file,
 X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
+ if (i < num_untrusted) {
+ printf(" (untrusted)");
+ }
 printf("\n");
 }
 sk_X509_pop_free(chain, X509_free); |
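Review bot: `num_untrusted` is declared without an initializer in the first hunk and assigned only inside `if (i > 0 && show_chain)` in the second, yet the third hunk reads it in `if (i < num_untrusted)`. The read is defined only if the print loop runs solely when `chain` is non-NULL, which seems likely but sits outside the visible lines; check()'s body starts and ends outside these hunks. Declaring it as `int num_untrusted = 0;` would make the read defined on every path and avoid a maybe-uninitialized compiler warning. A short comment at the comparison, such as `/* chain entries below num_untrusted came from the untrusted list */`, would also help, because `i` appears to be reused there as the chain index after holding the X509_verify_cert() result.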