[openssl.org #2552] PATCH: add ability to print root certificate 'issuer' field when using openssl verify

[Walter Goulet via RT]

Hi,

The following patch prints out the issuer field of the certificate at the
top of the chain once the X509_verify_cert function has completed
successfully. The field is printed if the 'verbose' flag is specified.

Applies to openssl 1.0.0d

Thanks,
Walter

--- /home/wgoulet/Downloads/
openssl-1.0.0d/apps/verify.c    2009-10-31 12:21:47.000000000 -0700
+++ verify.c    2011-06-29 22:47:33.127029311 -0700
@@ -257,6 +257,7 @@
     {
     X509 *x=NULL;
     int i=0,ret=0;
+    char buf[2048];
     X509_STORE_CTX *csc;

     x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
@@ -280,6 +281,11 @@
     if (crls)
         X509_STORE_CTX_set0_crls(csc, crls);
     i=X509_verify_cert(csc);
+    X509_NAME_oneline(X509_get_issuer_name(csc->current_issuer),buf,2048);
+    if(v_verbose)
+        {
+        fprintf(stdout,"Trusted certificate at top of chain: issuer=
%s\n",buf);
+        }
     X509_STORE_CTX_free(csc);

     ret=0;

Hi,

The following patch prints out the issuer field of the certificate at the top of the chain once the X509_verify_cert function has completed successfully. The field is printed if the 'verbose' flag is specified.

Applies to openssl 1.0.0d

Thanks,
Walter

--- /home/wgoulet/Downloads/

openssl-1.0.0d/apps/verify.c??? 2009-10-31 12:21:47.000000000 -0700
+++ verify.c??? 2011-06-29 22:47:33.127029311 -0700
@@ -257,6 +257,7 @@
???? {
???? X509 *x=NULL;
???? int i=0,ret=0;
+??? char buf[2048];
???? X509_STORE_CTX *csc;
?
???? x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
@@ -280,6 +281,11 @@
???? if (crls)
???? ??? X509_STORE_CTX_set0_crls(csc, crls);
???? i=X509_verify_cert(csc);
+??? X509_NAME_oneline(X509_get_issuer_name(csc->current_issuer),buf,2048);
+??? if(v_verbose)
+??? ??? {
+??? ??? fprintf(stdout,"Trusted certificate at top of chain: issuer= %s\n",buf);
+??? ??? }
???? X509_STORE_CTX_free(csc);
?
???? ret=0;