The branch master has been updated via c0ec5ce0bf97c358bea29c81d3d16047244a9a7e (commit) via 2f84d2a1f1653674f6885a42efd2f648f8372491 (commit) from e9e7b5df865c0bcd0a99d8146ec05378892a36e1 (commit)
- Log ----------------------------------------------------------------- commit c0ec5ce0bf97c358bea29c81d3d16047244a9a7e Author: Marc <34656315+marct...@users.noreply.github.com> Date: Sat May 16 19:31:03 2020 +0100 Use _get0_ functions instead of _get_. Fix build error on some platforms Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757) commit 2f84d2a1f1653674f6885a42efd2f648f8372491 Author: Marc <34656315+marct...@users.noreply.github.com> Date: Sat Jan 4 15:27:17 2020 +0000 s_client: Show cert algorithms & validity period Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output. Eg: Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index 8bab4e2827..a5f0fa0444 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3151,6 +3151,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) X509 *peer = NULL; STACK_OF(X509) *sk; const SSL_CIPHER *c; + EVP_PKEY *public_key; int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); long verify_result; #ifndef OPENSSL_NO_COMP @@ -3176,6 +3177,19 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, " i:"); X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt()); BIO_puts(bio, "\n"); + public_key = X509_get_pubkey(sk_X509_value(sk, i)); + if (public_key != NULL) { + BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n", + OBJ_nid2sn(EVP_PKEY_base_id(public_key)), + EVP_PKEY_bits(public_key), + OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); + EVP_PKEY_free(public_key); + } + BIO_printf(bio, " v:NotBefore: "); + ASN1_TIME_print(bio, X509_get0_notBefore(sk_X509_value(sk, i))); + BIO_printf(bio, "; NotAfter: "); + ASN1_TIME_print(bio, X509_get0_notAfter(sk_X509_value(sk, i))); + BIO_puts(bio, "\n"); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); }