1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
\begin{verbatim}
#define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y)
#define PRINT_DN(X) PRINTX( "CN:", x509_info->X.common_name); \
PRINTX( "OU:", x509_info->X.organizational_unit_name); \
PRINTX( "O:", x509_info->X.organization); \
PRINTX( "L:", x509_info->X.locality_name); \
PRINTX( "S:", x509_info->X.state_or_province_name); \
PRINTX( "C:", x509_info->X.country);
int print_info(GNUTLS_STATE state)
{
const char *tmp;
const X509PKI_CLIENT_AUTH_INFO *x509_info;
/* print the key exchange's algorithm name
*/
tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
printf("- Key Exchange: %s\n", tmp);
/* in case of X509 PKI
*/
if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
x509_info = gnutls_get_auth_info(state);
if (x509_info != NULL) {
switch (x509_info->peer_certificate_status) {
case GNUTLS_CERT_NOT_TRUSTED:
printf("- Peer's X509 Certificate was NOT verified\n");
break;
case GNUTLS_CERT_EXPIRED:
printf("- Peer's X509 Certificate was verified but is expired\n");
break;
case GNUTLS_CERT_TRUSTED:
printf("- Peer's X509 Certificate was verified\n");
break;
case GNUTLS_CERT_INVALID:
default:
printf("- Peer's X509 Certificate was invalid\n");
break;
}
}
}
printf(" - Certificate info:\n");
printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version);
PRINT_DN(peer_dn);
printf(" - Certificate Issuer's info:\n");
PRINT_DN(issuer_dn);
tmp = gnutls_version_get_name(gnutls_get_current_version(state));
printf("- Version: %s\n", tmp);
tmp = gnutls_compression_get_name(gnutls_get_current_compression_method(state));
printf("- Compression: %s\n", tmp);
tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
printf("- Cipher: %s\n", tmp);
tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
printf("- MAC: %s\n", tmp);
return 0;
}
\end{verbatim}
|
