SwitchEmu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-02-18 16:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

manually merge 0c6ce2f use x509_crt_verify_info()

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2015-04-20 10:56:18 +01:00
parent b5f48ad82f
commit 89addc43db
7 changed files with 55 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
programs/ssl/ssl_client1.c
View File

@@ -187,24 +187,16 @@ int main( void )
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we may want to bail out when ret != 0 */
/* In real life, we probably want to bail out when ret != 0 */
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
mbedtls_printf( "\n" );
mbedtls_printf( "%s\n", vrfy_buf );
}
else
mbedtls_printf( " ok\n" );