certtool: improved PKCS #7 verification output
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 1 Jun 2015 19:37:44 +0000 (21:37 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 2 Jun 2015 06:50:16 +0000 (08:50 +0200)
src/certtool-args.def
src/certtool.c

index 4b196529cd938e84e89d0b50ee5713ba22f27c43..6bf86ea7f24646319b1bad107c1ae9a199bf133f 100644 (file)
@@ -289,7 +289,7 @@ flag = {
 flag = {
     name      = p7-verify;
     descrip   = "Verify the provided PKCS #7 structure";
-    doc       = "This option verifies the signed PKCS #7 structure. The certificate list to use for verification can be specified with --load-ca-certificate. no certificate list is provided, then the system's certificate list is used.";
+    doc       = "This option verifies the signed PKCS #7 structure. The certificate list to use for verification can be specified with --load-ca-certificate. no certificate list is provided, then the system's certificate list is used. A key purpose can be enforced with the --verify-purpose option.";
 };
 
 
index 48ca6e65ca5c9fe85b95723392a8e13ec994e523..07873555be61ec2558a5009abe87795188e4c4b5 100644 (file)
@@ -2717,7 +2717,7 @@ void verify_crl(common_info_st * cinfo)
        fprintf(outfile, "\n");
 }
 
-static void print_dn(const gnutls_datum_t *raw)
+static void print_dn(const char *prefix, const gnutls_datum_t *raw)
 {
        gnutls_x509_dn_t dn = NULL;
        gnutls_datum_t str = {NULL, 0};
@@ -2735,7 +2735,7 @@ static void print_dn(const gnutls_datum_t *raw)
        if (ret < 0)
                goto cleanup;
 
-       fprintf(stderr, "DN: %s\n", str.data);
+       fprintf(stderr, "%s: %s\n", prefix, str.data);
 
  cleanup:
        gnutls_x509_dn_deinit(dn);
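Review bot: The `if (ret < 0) goto cleanup;` just above the changed `fprintf` exits without printing anything, so when the DN cannot be converted to a string the labelled line is simply absent from the verification report. Now that the caller passes a label such as "Signer's issuer DN", a reader of the output cannot tell an undecodable issuer from one that was never examined. Consider reporting it on the error path, e.g. `if (ret < 0) { fprintf(stderr, "%s: (could not be decoded)\n", prefix); goto cleanup; }`. print_dn starts and ends outside this hunk, so any earlier error paths are not visible here and may need the same treatment.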
@@ -2792,17 +2792,17 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose)
                if (ret < 0)
                        break;
 
-               print_dn(&info.issuer_dn);
-               fprintf(stderr, "Algorithm: %s\n\n", gnutls_sign_get_name(info.algo));
+               print_dn("\tSigner's issuer DN", &info.issuer_dn);
+               fprintf(stderr, "\tSignature Algorithm: %s\n", gnutls_sign_get_name(info.algo));
 
                gnutls_pkcs7_signature_info_deinit(&info);
 
                ret = gnutls_pkcs7_verify(pkcs7, tl, vdata, vdata_size, i, NULL, 0);
                if (ret < 0) {
-                       fprintf(stderr, "Signature verification failed: %s\n", gnutls_strerror(ret));
+                       fprintf(stderr, "\tSignature status: verification failed: %s\n", gnutls_strerror(ret));
                        ecode = 1;
                } else {
-                       fprintf(stderr, "Signature was verified\n");
+                       fprintf(stderr, "\tSignature status: ok\n");
                        ecode = 0;
                }
        }
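Review bot: The success branch still assigns `ecode = 0`, so if this body runs once per signer (the `break` and the index `i` passed to `gnutls_pkcs7_verify` suggest a loop), a signature that verifies after an earlier failure resets the result and the new "Signature status: verification failed" line is the only trace of that failure. Making a failure sticky would avoid this, for instance recording `if (ret < 0) failed = 1;` inside the loop and deriving `ecode` from `failed` afterwards; how `ecode` is consumed lies outside the hunk, so confirm that it feeds the exit status. Separately, `gnutls_sign_get_name(info.algo)` can return NULL for an algorithm it does not recognise and that pointer is passed straight to `%s` on the "Signature Algorithm" line; a fallback such as `name ? name : "unknown"` would keep the output defined. verify_pkcs7 starts and ends outside the hunk.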