From 7f3f41d816bb80e362a5978420f59030b3132c81 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 25 Jun 2015 12:28:28 +0100
Subject: Extend -show_chain option to verify to show more info

The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/x509/x509_vfy.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'crypto')

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7222113c68..df012ddeb0 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2452,6 +2452,11 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
     return ctx->explicit_policy;
 }
 
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->last_untrusted;
+}
+
 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
 {
     const X509_VERIFY_PARAM *param;
-- 
cgit v1.2.3