@@ -56,6 +56,7 @@
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
#include <openssl/err.h>
#include "imaevm.h"
@@ -333,6 +334,26 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
keyfile);
goto out;
}
+
+ if (params.verbose > LOG_INFO) {
+ uint32_t flags;
+
+ flags = X509_get_extension_flags(crt);
+ log_info("Load x509 cert: %s flags:", keyfile);
+ if (flags & EXFLAG_CA)
+ log_info(" CA");
+ if (flags & EXFLAG_SI)
+ log_info(" Self-issued");
+ if (flags & EXFLAG_SS)
+ log_info(" Self-signed");
+ flags = X509_get_key_usage(crt);
+ if (flags & KU_DIGITAL_SIGNATURE)
+ log_info(" Digital-Signature");
+ else
+ log_info(" No-Digital-Signature");
+ log_info("\n");
+ }
+
pkey = X509_extract_key(crt);
X509_free(crt);
if (!pkey) {
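Review bot: The `Digital-Signature` / `No-Digital-Signature` output will read `Digital-Signature` for a certificate that carries no keyUsage extension at all, because `X509_get_key_usage()` returns `UINT32_MAX` when the extension is absent and the `KU_DIGITAL_SIGNATURE` test is then always true. Since the message is meant to tell the user whether the purpose is actually declared, the absent case should be reported separately: keep the extension flags in their own variable and test `if (!(exflags & EXFLAG_KUSAGE)) log_info(" No-Key-Usage");` before the `KU_DIGITAL_SIGNATURE` check. It may also be worth printing `EXFLAG_INVALID`, which OpenSSL sets when a certificate's extensions are invalid or inconsistent, so a malformed certificate is not shown with otherwise normal-looking flags. The body of read_pub_pkey starts and ends outside this hunk.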
If verbose output is specified, output some interesting x509 cert flags and whether it has the Digital Signature purpose defined or not. While these constraints are not enforced anywhere, this may be useful for the user to know. Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- src/libimaevm.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)