summaryrefslogtreecommitdiff
path: root/src/cli.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-01 19:46:43 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-01 21:01:45 +0100
commit91dd6004d7725a35e5fed730447fbf3f2e3093ec (patch)
tree6fe8a4eb5901d8731860184af1a125e7fe29df37 /src/cli.c
parente20ce503acb15e63d4df992356b9d3501352e324 (diff)
downloadgnutls-91dd6004d7725a35e5fed730447fbf3f2e3093ec.tar.gz
Added dane_verification_status_print() and danetool can verify a DANE entry.
Diffstat (limited to 'src/cli.c')
-rw-r--r--src/cli.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/src/cli.c b/src/cli.c
index 6064ad4e31..513dda7d81 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -498,20 +498,18 @@ cert_verify_callback (gnutls_session_t session)
}
else
{
- if (status != 0)
+ gnutls_datum_t out;
+
+ rc = dane_verification_status_print( status, &out, 0);
+ if (rc < 0)
{
- fprintf(stderr, "*** DANE certificate verification failed (flags %x).\n", status);
- if (status & DANE_VERIFY_CA_CONSTRAINS_VIOLATED)
- fprintf(stderr, "- CA constrains were violated.\n");
- if (status & DANE_VERIFY_CERT_DIFFERS)
- fprintf(stderr, "- The certificate differs.\n");
- if (status & DANE_VERIFY_NO_DANE_INFO)
- fprintf(stderr, "- There was no DANE information.\n");
+ fprintf(stderr, "*** DANE error: %s\n", dane_strerror(rc));
if (!insecure)
return -1;
}
- else
- printf("- DANE verification didn't reject the certificate.\n");
+
+ fprintf(stderr, "- %s\n", out.data);
+ gnutls_free(out.data);
}
}
View Lorry Controller Status