From: Nikos Mavrogiannopoulos Date: Wed, 31 Oct 2012 21:46:32 +0000 (+0100) Subject: updated gnutls_certificate_verification_status_print() presentation X-Git-Tag: gnutls_3_1_4~72 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2aa6ec13fc2976564f0046e67ea6e175f1f2a0d7;p=thirdparty%2Fgnutls.git updated gnutls_certificate_verification_status_print() presentation --- diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index f803a65dd6..5bb20f1b1d 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -930,57 +930,55 @@ gnutls_certificate_verification_status_print (unsigned int status, _gnutls_buffer_init (&str); + if (status == 0) + _gnutls_buffer_append_str (&str, _("Peer's certificate is trusted. ")); + else + _gnutls_buffer_append_str (&str, _("Peer's certificate is NOT trusted. ")); + if (type == GNUTLS_CRT_X509) { - if (status == 0) - _gnutls_buffer_append_str (&str, _("- Peer's certificate is trusted\n")); - else - { - if (status & GNUTLS_CERT_INVALID) - _gnutls_buffer_append_str (&str, _("- Peer's certificate is NOT trusted\n")); + if (status & GNUTLS_CERT_REVOKED) + _gnutls_buffer_append_str (&str, _("Peer's certificate chain revoked. ")); - if (status & GNUTLS_CERT_REVOKED) - _gnutls_buffer_append_str (&str, _("- Peer's certificate chain revoked\n")); + if (status & GNUTLS_CERT_REVOCATION_DATA_TOO_OLD) + _gnutls_buffer_append_str (&str, _("The revocation data provided by the peer are too old. ")); - if (status & GNUTLS_CERT_REVOCATION_DATA_TOO_OLD) - _gnutls_buffer_append_str (&str, _("- The revocation data provided by the peer are too old\n")); + if (status & GNUTLS_CERT_REVOCATION_DATA_INVALID) + _gnutls_buffer_append_str (&str, _("The revocation data provided by the peer are invalid. ")); - if (status & GNUTLS_CERT_REVOCATION_DATA_INVALID) - _gnutls_buffer_append_str (&str, _("- The revocation data provided by the peer are invalid\n")); + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + _gnutls_buffer_append_str (&str, _("Peer's certificate issuer is unknown. ")); - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - _gnutls_buffer_append_str (&str, _("- Peer's certificate issuer is unknown\n")); - - if (status & GNUTLS_CERT_SIGNER_NOT_CA) - _gnutls_buffer_append_str (&str, _("- Peer's certificate issuer is not a CA\n")); - } + if (status & GNUTLS_CERT_SIGNER_NOT_CA) + _gnutls_buffer_append_str (&str, _("Peer's certificate issuer is not a CA. ")); } else if (type == GNUTLS_CRT_OPENPGP) { - if (status == 0) - _gnutls_buffer_append_str (&str, _("- Peer's key is valid\n")); - - if (status & GNUTLS_CERT_INVALID) - _gnutls_buffer_append_str (&str, _("- Peer's certificate is invalid\n")); + _gnutls_buffer_append_str (&str, _("Peer's certificate is not trusted. ")); if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - _gnutls_buffer_append_str (&str, _("- Could not find a signer of the peer's certificate\n")); + _gnutls_buffer_append_str (&str, _("Could not find a signer of the peer's certificate. ")); if (status & GNUTLS_CERT_REVOKED) - _gnutls_buffer_append_str (&str, _("- Peer's certificate is revoked\n")); + _gnutls_buffer_append_str (&str, _("Peer's certificate is revoked. ")); } if (status & GNUTLS_CERT_INSECURE_ALGORITHM) - _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses insecure algorithm\n")); + _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses insecure algorithm. ")); if (status & GNUTLS_CERT_NOT_ACTIVATED) - _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses not yet valid certificate\n")); + _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses not yet valid certificate. ")); if (status & GNUTLS_CERT_EXPIRED) - _gnutls_buffer_append_str (&str, _("- Peer's certificate chain uses expired certificate\n")); + _gnutls_buffer_append_str (&str, _("Peer's certificate chain uses expired certificate. ")); + + if (status & GNUTLS_CERT_SIGNATURE_FAILURE) + _gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. ")); if (status & GNUTLS_CERT_UNEXPECTED_OWNER) - _gnutls_buffer_append_str (&str, _("- The name in the certificate does not match the expected\n")); + _gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. ")); + + _gnutls_buffer_append_str (&str, "\n"); ret = _gnutls_buffer_to_datum( &str, out); if (out->size > 0) out->size--; diff --git a/src/common.c b/src/common.c index 3e8932a5e8..42ac6b6a17 100644 --- a/src/common.c +++ b/src/common.c @@ -340,7 +340,7 @@ cert_verify (gnutls_session_t session, const char* hostname) return 0; } - printf ("%s", out.data); + printf ("- %s", out.data); gnutls_free(out.data);