author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-29 15:52:19 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-29 15:52:19 +0100 |
commit | ad12e726d44877303e61a8bd3989aef6cbda2cb4 (patch) | |
tree | a4da3895eb609506561b6fccc26f6699e2de6e94 /src/ocsptool-common.c | |
parent | 6a541f6a85459b822695c7ba1c1ad2651315c3de (diff) | |
download | gnutls-ad12e726d44877303e61a8bd3989aef6cbda2cb4.tar.gz |
cleanup a bit the printing information stuff.
Diffstat (limited to 'src/ocsptool-common.c')
-rw-r--r-- | src/ocsptool-common.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index b52c35316b..d74e5534d3 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -307,13 +307,13 @@ print_ocsp_verify_res (unsigned int output)
 * -1: dunno
 */
 int
-check_ocsp_response (gnutls_certificate_credentials xcred,
- gnutls_datum_t *data)
+check_ocsp_response (gnutls_x509_crt_t issuer,
+ gnutls_datum_t *data)
 {
 gnutls_ocsp_resp_t resp;
 int ret;
 unsigned int status, cert_status;
- time_t rtime;
+ time_t rtime, ttime;
 ret = gnutls_ocsp_resp_init (&resp);
 if (ret < 0)
@@ -323,15 +323,18 @@ check_ocsp_response (gnutls_certificate_credentials xcred,
 if (ret < 0)
 error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
- ret = gnutls_ocsp_resp_verify_cred (resp, xcred, &status, 0);
+ ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
 if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
- gnutls_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify_direct: %s",
+ gnutls_strerror (ret));
+
+ if (status != 0)
+ {
+ printf ("*** Verifying OCSP Response: ");
+ print_ocsp_verify_res (status);
+ printf (".\n");
+ }
- printf ("Verifying OCSP Response: ");
- print_ocsp_verify_res (status);
- printf (".\n");
-
 /* do not print revocation data if response was not verified */
 if (status != 0)
 {
@@ -340,17 +343,18 @@ check_ocsp_response (gnutls_certificate_credentials xcred,
 }
 ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
- &cert_status, NULL, NULL, &rtime, NULL);
+ &cert_status, &ttime, NULL, &rtime, NULL);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "reading response: %s", gnutls_strerror (ret));
 if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
 {
- printf("Certificate was revoked at %s\n", ctime(&rtime));
+ printf("*** Certificate was revoked at %s", ctime(&rtime));
 ret = 0;
 goto cleanup;
 }
+ printf("- OCSP server flags certificate not revoked as of %s", ctime(&ttime));
 ret = 1;
 cleanup:
 gnutls_ocsp_resp_deinit (resp); |
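Review bot: The header comment above `check_ocsp_response` (first hunk, `@@ -307,13`) still lists only the return codes and does not describe the new `issuer` argument, which now carries the whole trust decision. The old call took the caller's credentials, presumably so the response could be checked against their trust list; the new call in the second hunk verifies the signature against `issuer`. The result is therefore only as trustworthy as the caller's own validation of that certificate. I would add `/* issuer: issuer of the certificate being checked, already validated by the caller; the OCSP response signature is verified against this certificate rather than a trust list. */` to that comment. The function body continues past the end of this hunk.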
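Review bot: The added `if (status != 0)` block in the second hunk (`@@ -323,15`) tests the same condition as the existing `if (status != 0)` that follows the "do not print revocation data" comment, so the verification-failure path is now split across two adjacent blocks. Moving `printf ("*** Verifying OCSP Response: "); print_ocsp_verify_res (status); printf (".\n");` to the top of the existing block keeps the failure report and the early exit together, so a later edit cannot separate the message from the bail-out. The body of that existing block lies outside the hunk, so its exit path cannot be confirmed from here.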
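Review bot: In the third hunk (`@@ -340,17`), every status other than `GNUTLS_OCSP_CERT_REVOKED` falls through to the new "not revoked" message and `ret = 1`, so a response whose status is `GNUTLS_OCSP_CERT_UNKNOWN` is reported as a good certificate. The header comment reserves -1 for "dunno"; a guard such as `if (cert_status != GNUTLS_OCSP_CERT_GOOD) { ret = -1; goto cleanup; }` before the final `printf` would keep the three outcomes distinct. The call also still passes `NULL` for the serial number and for the next-update argument after `&ttime`, so nothing visible here ties entry 0 to the certificate under test or bounds the age of the response. If the caller does not do that, the "not revoked" line can be printed for a stale response or one about a different certificate. The function's return statement is outside the hunk.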