[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Tue May 19 08:39:14 UTC 2020
The branch master has been updated
via c0ec5ce0bf97c358bea29c81d3d16047244a9a7e (commit)
via 2f84d2a1f1653674f6885a42efd2f648f8372491 (commit)
from e9e7b5df865c0bcd0a99d8146ec05378892a36e1 (commit)
- Log -----------------------------------------------------------------
commit c0ec5ce0bf97c358bea29c81d3d16047244a9a7e
Author: Marc <34656315+MarcT512 at users.noreply.github.com>
Date: Sat May 16 19:31:03 2020 +0100
Use _get0_ functions instead of _get_.
Fix build error on some platforms
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10757)
commit 2f84d2a1f1653674f6885a42efd2f648f8372491
Author: Marc <34656315+MarcT512 at users.noreply.github.com>
Date: Sat Jan 4 15:27:17 2020 +0000
s_client: Show cert algorithms & validity period
Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output.
Eg:
Certificate chain
0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
i:C = US, O = Google Trust Services, CN = GTS CA 1O1
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Dec 3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT
1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10757)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/apps/s_client.c b/apps/s_client.c
index 8bab4e2827..a5f0fa0444 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3151,6 +3151,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
X509 *peer = NULL;
STACK_OF(X509) *sk;
const SSL_CIPHER *c;
+ EVP_PKEY *public_key;
int i, istls13 = (SSL_version(s) == TLS1_3_VERSION);
long verify_result;
#ifndef OPENSSL_NO_COMP
@@ -3176,6 +3177,19 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, " i:");
X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt());
BIO_puts(bio, "\n");
+ public_key = X509_get_pubkey(sk_X509_value(sk, i));
+ if (public_key != NULL) {
+ BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n",
+ OBJ_nid2sn(EVP_PKEY_base_id(public_key)),
+ EVP_PKEY_bits(public_key),
+ OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i))));
+ EVP_PKEY_free(public_key);
+ }
+ BIO_printf(bio, " v:NotBefore: ");
+ ASN1_TIME_print(bio, X509_get0_notBefore(sk_X509_value(sk, i)));
+ BIO_printf(bio, "; NotAfter: ");
+ ASN1_TIME_print(bio, X509_get0_notAfter(sk_X509_value(sk, i)));
+ BIO_puts(bio, "\n");
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
}
More information about the openssl-commits
mailing list