Extend -show_chain option to verify to show more info

The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-06-25 12:28:28 +0100
committer: Matt Caswell <matt@openssl.org> 2015-07-07 21:57:12 +0100
commit: 7f3f41d816bb80e362a5978420f59030b3132c81 (patch)
tree: ec3a2e9bf351d8772c257ab495e6491f4000d9ce /crypto
parent: a64ba70dbb7e4886d7bae0b85a2a1070e22dd8fb (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7222113c68..df012ddeb0 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2452,6 +2452,11 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
     return ctx->explicit_policy;
 }
 
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->last_untrusted;
+}
+
 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
 {
     const X509_VERIFY_PARAM *param;
author	Matt Caswell <matt@openssl.org>	2015-06-25 12:28:28 +0100
committer	Matt Caswell <matt@openssl.org>	2015-07-07 21:57:12 +0100
commit	7f3f41d816bb80e362a5978420f59030b3132c81 (patch)
tree	ec3a2e9bf351d8772c257ab495e6491f4000d9ce /crypto
parent	a64ba70dbb7e4886d7bae0b85a2a1070e22dd8fb (diff)