diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 13:30:50 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 13:30:50 +0000 |
| commit | b1f96ac9c6b2e49d606925b4c4f0d6235c54fc4a (patch) | |
| tree | 978374359d382d78f4b0368ef9c4ee2fbd92b1ef | |
| parent | fdf106e46a0f1253c74f8698ba06e2237748f6c6 (diff) | |
| download | gnutls-b1f96ac9c6b2e49d606925b4c4f0d6235c54fc4a.tar.gz | |
*** empty log message ***
| -rw-r--r-- | lib/x509/verify.c | 5 | ||||
| -rw-r--r-- | src/certtool.c | 15 | ||||
| -rw-r--r-- | tests/test23.pem | 57 |
3 files changed, 14 insertions, 63 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index c73faa1809..9dbb8c3087 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -197,6 +197,8 @@ gnutls_datum cert_signature = { NULL, 0 }; gnutls_x509_crt issuer; int ret, issuer_version, result; + if (output) *output = 0; + if (tcas_size >= 1) issuer = find_issuer(cert, trusted_cas, tcas_size); else { @@ -591,8 +593,7 @@ int gnutls_x509_crt_verify( gnutls_x509_crt cert, { /* Verify certificate */ - *verify = - _gnutls_verify_certificate2( cert, CA_list, CA_list_length, flags, verify); + _gnutls_verify_certificate2( cert, CA_list, CA_list_length, flags, verify); return 0; } diff --git a/src/certtool.c b/src/certtool.c index 589737c18b..9b98d5c0b5 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1233,10 +1233,11 @@ int _verify_x509_mem( const char* cert, int cert_size) fprintf(stderr, "Error in get_dn: %s\n", gnutls_strerror(ret)); exit(1); } - - fprintf( outfile, "\tVerifying against certificate[%d]: %s\n", i-1, name); + + fprintf( outfile, "\tVerifying against certificate[%d].\n", i-1); if (strcmp( issuer_name, name) != 0) { + fprintf(stderr, "Error: Issuer's name: %s\n", name); fprintf(stderr, "Error: Issuer's name does not match the next certificate.\n"); exit(1); } @@ -1244,7 +1245,7 @@ int _verify_x509_mem( const char* cert, int cert_size) fprintf( outfile, "\tVerification output: "); print_verification_res( x509_cert_list[i-2], x509_cert_list[i-1], x509_crl_list, x509_ncrls); - fprintf( outfile, "\n\n"); + fprintf( outfile, ".\n\n"); } @@ -1292,7 +1293,7 @@ int _verify_x509_mem( const char* cert, int cert_size) print_verification_res( x509_cert_list[x509_ncerts-1], x509_cert_list[x509_ncerts-1], x509_crl_list, x509_ncrls); - fprintf( outfile, "\n\n"); + fprintf( outfile, ".\n\n"); for (i=0;i<x509_ncerts;i++) { gnutls_x509_crt_deinit( x509_cert_list[i]); @@ -1335,6 +1336,12 @@ time_t now = time(0); comma = 1; } + if (output&GNUTLS_CERT_ISSUER_NOT_CA) { + if (comma) fprintf(outfile, ", "); + fprintf(outfile, "Issuer is not a CA"); + comma = 1; + } + /* Check expiration dates. */ diff --git a/tests/test23.pem b/tests/test23.pem index 1c8d1013d7..3431d9914b 100644 --- a/tests/test23.pem +++ b/tests/test23.pem @@ -4,63 +4,6 @@ should not be validated. ] Certificate: Data: Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- - -Certificate: - Data: - Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=Dod, OU=Testing, CN=CA1-IC.02.01 |