From eecdea2e2093d3cceee3161bb1b2afde316c68f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 7 Dec 2006 22:35:27 +0000 Subject: [PATCH] (check_key_usage): tell what keyusages are missing git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19279 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/cert.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index b2450a3a5..482cc35a8 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -552,8 +552,15 @@ check_key_usage(hx509_context context, const Certificate *cert, return ret; ku_flags = KeyUsage2int(ku); if ((ku_flags & flags) != flags) { + unsigned missing = (~ku_flags) & flags; + char buf[256], *name; + + unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf)); + _hx509_unparse_Name(&cert->tbsCertificate.issuer, &name); hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING, - "Key usage missing from certifiate"); + "Key usage %s required but missing " + "from certifiate %s", buf, name); + free(name); return HX509_KU_CERT_MISSING; } return 0;