libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.

2 files changed, 23 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 67fc246461..23a23ba21f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ See the end for copying conditions.
 The tool now uses libgnutls' functions to print certificate
 information.  This avoids code duplication.
 
+** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/lib/x509/output.c b/lib/x509/output.c
index ccd7491575..0d20629184 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1195,6 +1195,7 @@ print_oneline (gnutls_string * str, gnutls_x509_crt_t cert)
       addf (str, "issuer `%s', ", dn);
   }
 
+  /* Key algorithm and size. */
   {
     int bits;
     const char *name = gnutls_pk_algorithm_get_name
@@ -1204,6 +1205,26 @@ print_oneline (gnutls_string * str, gnutls_x509_crt_t cert)
     addf (str, "%s key %d bits, ", name, bits);
   }
 
+  /* Signature Algorithm. */
+  {
+    int err;
+
+    err = gnutls_x509_crt_get_signature_algorithm (cert);
+    if (err < 0)
+      addf (str, "unknown signature algorithm (%s), ",
+	    gnutls_strerror (err));
+    else
+      {
+	const char *name = gnutls_sign_algorithm_get_name (err);
+	if (name == NULL)
+	  name = _("unknown");
+	if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+	  addf (str, _("signed using %s (broken!), "), name);
+	else
+	  addf (str, _("signed using %s, "), name);
+      }
+  }
+
   /* Validity. */
   {
     time_t tim;