support status flags of newer GnuTLS
Support status flags of newer GnuTLS in _utils_cert_get_status_report
with the appropriate GnuTLS version guards.
This code (without the version guards) was already part of the GnuTLS
branch and was removed in 9acb0cca
. I think it is helpful to add it
again to get better error hints on certificate problems when using a
newer GnuTLS.
This commit is contained in:
parent
a4bdfcfe76
commit
dc7ee56de4
29
utils.c
29
utils.c
@ -847,7 +847,7 @@ _utils_cert_get_status_report(gnutls_x509_crt_t cert, unsigned int status,
|
|||||||
size -= strlen(buf);
|
size -= strlen(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if GNUTLS_VERSION_NUMBER >= 0x030600
|
#if GNUTLS_VERSION_NUMBER >= 0x030400
|
||||||
if (status & GNUTLS_CERT_PURPOSE_MISMATCH) {
|
if (status & GNUTLS_CERT_PURPOSE_MISMATCH) {
|
||||||
snprintf(buf, sizeof(buf),
|
snprintf(buf, sizeof(buf),
|
||||||
" %d. The certificate or an intermediate does not match the\n"
|
" %d. The certificate or an intermediate does not match the\n"
|
||||||
@ -856,6 +856,33 @@ _utils_cert_get_status_report(gnutls_x509_crt_t cert, unsigned int status,
|
|||||||
size -= strlen(buf);
|
size -= strlen(buf);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if GNUTLS_VERSION_NUMBER >= 0x030501
|
||||||
|
if (status & GNUTLS_CERT_MISSING_OCSP_STATUS) {
|
||||||
|
snprintf(buf, sizeof(buf),
|
||||||
|
" %d. The certificate requires the server to send the certifiate\n"
|
||||||
|
" status, but no status was received.\n\n", i++);
|
||||||
|
strncat(out, buf, size);
|
||||||
|
size -= strlen(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (status & GNUTLS_CERT_INVALID_OCSP_STATUS) {
|
||||||
|
snprintf(buf, sizeof(buf),
|
||||||
|
" %d. The received OCSP status response is invalid.\n\n", i++);
|
||||||
|
strncat(out, buf, size);
|
||||||
|
size -= strlen(buf);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if GNUTLS_VERSION_NUMBER >= 0x030600
|
||||||
|
if (status & GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS) {
|
||||||
|
snprintf(buf, sizeof(buf),
|
||||||
|
" %d. The certificate has extensions marked as critical which are\n"
|
||||||
|
" not supported.\n\n", i++);
|
||||||
|
strncat(out, buf, size);
|
||||||
|
size -= strlen(buf);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
Loading…
Reference in New Issue
Block a user