author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-01 19:46:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-01 21:01:45 +0100 |
commit | 91dd6004d7725a35e5fed730447fbf3f2e3093ec (patch) | |
tree | 6fe8a4eb5901d8731860184af1a125e7fe29df37 /src/cli.c | |
parent | e20ce503acb15e63d4df992356b9d3501352e324 (diff) | |
Added dane_verification_status_print() and danetool can verify a DANE entry.
Diffstat (limited to 'src/cli.c')
-rw-r--r-- | src/cli.c | 18 |
1 files changed, 8 insertions, 10 deletions
@@ -498,20 +498,18 @@ cert_verify_callback (gnutls_session_t session)
 }
 else
 {
- if (status != 0)
+ gnutls_datum_t out;
+
+ rc = dane_verification_status_print( status, &out, 0);
+ if (rc < 0)
 {
- fprintf(stderr, "*** DANE certificate verification failed (flags %x).\n", status);
- if (status & DANE_VERIFY_CA_CONSTRAINS_VIOLATED)
- fprintf(stderr, "- CA constrains were violated.\n");
- if (status & DANE_VERIFY_CERT_DIFFERS)
- fprintf(stderr, "- The certificate differs.\n");
- if (status & DANE_VERIFY_NO_DANE_INFO)
- fprintf(stderr, "- There was no DANE information.\n");
+ fprintf(stderr, "*** DANE error: %s\n", dane_strerror(rc));
 if (!insecure)
 return -1;
 }
- else
- printf("- DANE verification didn't reject the certificate.\n");
+
+ fprintf(stderr, "- %s\n", out.data);
+ gnutls_free(out.data);
 }
 } |
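Review bot: A non-zero `status` no longer rejects the certificate. The removed `if (status != 0)` branch was the only visible place that returned -1 on a DANE mismatch, and the new code returns -1 only when `dane_verification_status_print()` itself fails, so a differing certificate is printed and then accepted unless `status` is checked again after this hunk. Separately, when `rc < 0` and `insecure` is set, control falls through to `fprintf(stderr, "- %s\n", out.data)` and `gnutls_free(out.data)` with `out` possibly never filled in, which would read and free an uninitialized pointer. Moving the print and free into an `else` branch and restoring the status check there addresses both. cert_verify_callback starts and ends outside the hunk.

```c
rc = dane_verification_status_print( status, &out, 0);
if (rc < 0)
  {
    /* … unchanged: dane_strerror() report, return -1 unless insecure … */
  }
else
  {
    /* out is only valid when the print call succeeded. */
    fprintf(stderr, "- %s\n", out.data);
    gnutls_free(out.data);

    /* A non-zero status means DANE verification did not pass. */
    if (status != 0 && !insecure)
      return -1;
  }
```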