certtool: print signature algorithm in cert verification output

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/src/certtool.c b/src/certtool.c
index 4e4f3277f3..3cddc3dd6f 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1988,6 +1988,23 @@ void generate_request(common_info_st * cinfo)
 
 static void print_verification_res(FILE * outfile, unsigned int output);
 
+static const char *get_signature_algo(gnutls_x509_crt_t crt)
+{
+	int ret;
+	static char oid[128];
+
+	ret = gnutls_x509_crt_get_signature_algorithm(crt);
+	if (ret < 0 || ret == GNUTLS_SIGN_UNKNOWN) {
+		size_t oid_size = sizeof(oid);
+		ret = gnutls_x509_crt_get_signature_oid(crt, oid, &oid_size);
+		if (ret < 0)
+			return NULL;
+		return oid;
+	}
+
+	return gnutls_sign_get_name(ret);
+}
+
 static int detailed_verification(gnutls_x509_crt_t cert,
 				 gnutls_x509_crt_t issuer,
 				 gnutls_x509_crl_t crl,
@@ -2036,6 +2053,8 @@ static int detailed_verification(gnutls_x509_crt_t cert,
 		fprintf(outfile, "\tChecked against: %s\n", issuer_name.data);
 	}
 
+	fprintf(outfile, "\tSignature algorithm: %s\n", get_signature_algo(cert));
+
 	if (crl != NULL) {
 		gnutls_datum_t data;
 		gnutls_free(issuer_name.data);