ima-evm-utils: Show information about x509 cert when loading public key

Message ID 20190719214436.22871-1-vt@altlinux.org

Commit Message

Vitaly Chikunov July 19, 2019, 9:44 p.m. UTC
If verbose output is specified, output some interesting x509 cert flags
and whether or not it has the Digital Signature purpose defined. While these
constraints are not enforced anywhere, this may be useful for the user to
know.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 src/libimaevm.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

Patch

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 2280add..1c85397 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -56,6 +56,7 @@ 
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 #include <openssl/err.h>
 
 #include "imaevm.h"
@@ -333,6 +334,26 @@  EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
 				keyfile);
 			goto out;
 		}
+
+		if (params.verbose > LOG_INFO) {
+			uint32_t flags;
+
+			flags = X509_get_extension_flags(crt);
+			log_info("Load x509 cert: %s flags:", keyfile);
+			if (flags & EXFLAG_CA)
+				log_info(" CA");
+			if (flags & EXFLAG_SI)
+				log_info(" Self-issued");
+			if (flags & EXFLAG_SS)
+				log_info(" Self-signed");
+			flags = X509_get_key_usage(crt);
+			if (flags & KU_DIGITAL_SIGNATURE)
+				log_info(" Digital-Signature");
+			else
+				log_info(" No-Digital-Signature");
+			log_info("\n");
+		}
+
 		pkey = X509_extract_key(crt);
 		X509_free(crt);
 		if (!pkey) {
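Review bot: The `flags & KU_DIGITAL_SIGNATURE` test after `flags = X509_get_key_usage(crt);` also reports " Digital-Signature" for a certificate that has no keyUsage extension at all, because OpenSSL documents X509_get_key_usage() as returning UINT32_MAX when the extension is absent. Since the commit message says these constraints are not enforced anywhere, this log line is the only signal the user gets, so it should separate "usage asserted" from "usage not restricted". The extension flags fetched earlier carry EXFLAG_KUSAGE for this: `if (!(flags & EXFLAG_KUSAGE)) log_info(" No-Key-Usage");` followed by `else if (X509_get_key_usage(crt) & KU_DIGITAL_SIGNATURE) log_info(" Digital-Signature");` and `else log_info(" No-Digital-Signature");`. read_pub_pkey starts and ends outside this hunk, so how `crt` was loaded is not visible here.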