authorAndreas Steffen <andreas.steffen@strongswan.org>2006-05-30 07:42:52 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2006-05-30 07:42:52 +0000
commitc164f8c4a7606442802e5546a5b3d11bb12a774f (patch)
tree57ff8266e3bcca8362be6e5c6579a8639feb1fb8 /src/libstrongswan
parent7c2e556644cda5a5d8007e6971eb9e0e51be6eeb (diff)
log_certificates() now shows keyid and availability of matching private key
Diffstat (limited to 'src/libstrongswan')
-rwxr-xr-xsrc/libstrongswan/crypto/x509.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c
index 3e0f039e1..3eb4a961d 100755
--- a/src/libstrongswan/crypto/x509.c
+++ b/src/libstrongswan/crypto/x509.c
@@ -1012,12 +1012,11 @@ char* check_expiry(time_t expiration_date, int warning_interval, bool strict)
/**
* log certificate
*/
-static void log_certificate(private_x509_t *this, logger_t *logger, bool utc)
+static void log_certificate(private_x509_t *this, logger_t *logger, bool utc, bool has_key)
{
identification_t *subject = this->subject;
identification_t *issuer = this->issuer;
-
- rsa_public_key_t *rsa_key = this->public_key;
+ rsa_public_key_t *pubkey = this->public_key;
char buf[BUF_LEN];
time_t now;
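Review bot: The doc comment above `log_certificate` still reads only "log certificate" and says nothing about the new `has_key` argument. From the lines visible in this commit, the flag is a caller-supplied claim that the function prints without checking. I would extend the comment to something like `/** log certificate; has_key is asserted by the caller (not verified here) and only appends ", has private key" to the pubkey line */`. The function body continues outside this hunk.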
@@ -1037,7 +1036,12 @@ static void log_certificate(private_x509_t *this, logger_t *logger, bool utc)
timetoa(buf, BUF_LEN, &this->notAfter, utc);
logger->log(logger, CONTROL, " not after %s %s", buf,
check_expiry(this->notAfter, CERT_WARNING_INTERVAL, TRUE));
- logger->log(logger, CONTROL, " pubkey: RSA %d bits", BITS_PER_BYTE * rsa_key->get_keysize(rsa_key));
+
+ logger->log(logger, CONTROL, " pubkey: RSA %d bits%s",
+ BITS_PER_BYTE * pubkey->get_keysize(pubkey), has_key? ", has private key":"");
+ chunk_to_hex(buf, BUF_LEN, pubkey->get_keyid(pubkey));
+ logger->log(logger, CONTROL, " keyid: %s", buf);
+
if (this->subjectKeyID.ptr != NULL)
{
chunk_to_hex(buf, BUF_LEN, this->subjectKeyID);
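Review bot: The new keyid lines pass `pubkey->get_keyid(pubkey)` straight to `chunk_to_hex` with no check, while the subjectKeyID block directly below is guarded by `this->subjectKeyID.ptr != NULL`. Whether `get_keyid` can return an empty chunk, or `this->public_key` can be NULL at this point, is not visible here. Either guard it the same way, with `chunk_t keyid = pubkey->get_keyid(pubkey);` followed by `if (keyid.ptr != NULL)` around the two keyid lines, or add a comment stating the invariant that makes the check unnecessary. The function starts and ends outside the hunk.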
@@ -1069,7 +1073,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk)
this->public.get_public_key = (rsa_public_key_t* (*) (x509_t*))get_public_key;
this->public.get_subject = (identification_t* (*) (x509_t*))get_subject;
this->public.get_issuer = (identification_t* (*) (x509_t*))get_issuer;
- this->public.log_certificate = (void (*) (x509_t*,logger_t*,bool))log_certificate;
+ this->public.log_certificate = (void (*) (x509_t*,logger_t*,bool,bool))log_certificate;
/* initialize */
this->subjectPublicKey = CHUNK_INITIALIZER;
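Review bot: The explicit cast on the `log_certificate` assignment means the compiler will not check the static function's new four-argument signature against the `log_certificate` member declared in `x509_t`. The diffstat shown (limited to src/libstrongswan) lists only x509.c, so the matching header change is not visible here, either for this member or for the `x509_create_from_file` prototype changed in the last hunk. Calling through a pointer whose type disagrees with the definition is undefined behaviour, so it is worth confirming that the header and every caller were updated together with this file. `x509_create_from_chunk` begins and ends outside the hunk.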
@@ -1104,13 +1108,13 @@ x509_t *x509_create_from_chunk(chunk_t chunk)
/*
* Described in header.
*/
-x509_t *x509_create_from_file(const char *filename)
+x509_t *x509_create_from_file(const char *filename, const char *label)
{
bool pgp = FALSE;
chunk_t chunk = CHUNK_INITIALIZER;
x509_t *cert = NULL;
- if (!pem_asn1_load_file(filename, "", "certificate", &chunk, &pgp))
+ if (!pem_asn1_load_file(filename, "", label, &chunk, &pgp))
return NULL;
cert = x509_create_from_chunk(chunk);
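Review bot: `label` replaces the literal `"certificate"` and is handed to `pem_asn1_load_file` unchecked, so a NULL from a caller now reaches that helper. How the helper uses the label is not shown, but if it ends up as a `%s` argument in a log call, a NULL would be a problem. A guard such as `if (label == NULL) label = "certificate";` before the load keeps the old behaviour as the default. The "Described in header." comment also relies on the header documenting the new parameter, which this page does not show. The function continues past the end of the hunk.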