x509: output the inhibit anyPolicy value

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/x509/output.c b/lib/x509/output.c
index fddf7be907c9de45ba1924196f231da705e04129..e006db233c1ae383b37fa83bbefba5593fb2f5de 100644 (file)
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -975,6 +975,23 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
                        }
                }
                gnutls_x509_policies_deinit(policies);
+       } else if (strcmp(oid, "2.5.29.54") == 0) {
+               unsigned int skipcerts;
+
+               err = gnutls_x509_ext_import_inhibit_anypolicy(der, &skipcerts);
+               if (err < 0) {
+                       addf(str,
+                            "error: certificate inhibit any policy import: %s\n",
+                            gnutls_strerror(err));
+                       return;
+               }
+
+               addf(str,
+                    "%s\t\tInhibit anyPolicy skip certs: %u (%s)\n",
+                            prefix, skipcerts,
+                            critical ? _("critical") :
+                            _("not critical"));
+
        } else if (strcmp(oid, "2.5.29.35") == 0) {
 
                if (idx->aki) {