_gnutls_buffer_init (&str);
+ if (status == 0)
+ _gnutls_buffer_append_str (&str, _("Peer's certificate is trusted. "));
+ else
+ _gnutls_buffer_append_str (&str, _("Peer's certificate is NOT trusted. "));
+
if (type == GNUTLS_CRT_X509)
{
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate is trusted\n"));
- else
- {
- if (status & GNUTLS_CERT_INVALID)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate is NOT trusted\n"));
+ if (status & GNUTLS_CERT_REVOKED)
+ _gnutls_buffer_append_str (&str, _("Peer's certificate chain revoked. "));
- if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate chain revoked\n"));
+ if (status & GNUTLS_CERT_REVOCATION_DATA_TOO_OLD)
+ _gnutls_buffer_append_str (&str, _("The revocation data provided by the peer are too old. "));
- if (status & GNUTLS_CERT_REVOCATION_DATA_TOO_OLD)
- _gnutls_buffer_append_str (&str, _("- The revocation data provided by the peer are too old\n"));
+ if (status & GNUTLS_CERT_REVOCATION_DATA_INVALID)
+ _gnutls_buffer_append_str (&str, _("The revocation data provided by the peer are invalid. "));
- if (status & GNUTLS_CERT_REVOCATION_DATA_INVALID)
- _gnutls_buffer_append_str (&str, _("- The revocation data provided by the peer are invalid\n"));
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ _gnutls_buffer_append_str (&str, _("Peer's certificate issuer is unknown. "));
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate issuer is unknown\n"));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate issuer is not a CA\n"));
- }
+ if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+ _gnutls_buffer_append_str (&str, _("Peer's certificate issuer is not a CA. "));
}
else if (type == GNUTLS_CRT_OPENPGP)
{
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("- Peer's key is valid\n"));
-
- if (status & GNUTLS_CERT_INVALID)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate is invalid\n"));
+ _gnutls_buffer_append_str (&str, _("Peer's certificate is not trusted. "));
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("- Could not find a signer of the peer's certificate\n"));
+ _gnutls_buffer_append_str (&str, _("Could not find a signer of the peer's certificate. "));
if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate is revoked\n"));
+ _gnutls_buffer_append_str (&str, _("Peer's certificate is revoked. "));
}
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses insecure algorithm\n"));
+ _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses insecure algorithm. "));
if (status & GNUTLS_CERT_NOT_ACTIVATED)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses not yet valid certificate\n"));
+ _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses not yet valid certificate. "));
if (status & GNUTLS_CERT_EXPIRED)
- _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses expired certificate\n"));
+ _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses expired certificate. "));
+
+ if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
+ _gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. "));
if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
- _gnutls_buffer_append_str (&str, _("- The name in the certificate does not match the expected\n"));
+ _gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. "));
+
+ _gnutls_buffer_append_str (&str, "\n");
ret = _gnutls_buffer_to_datum( &str, out);
if (out->size > 0) out->size--;