Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
Add a description of the new feature/bug fix. Reference any relevant bugs.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
to have a way to pass the gnutls_verify_output_function
as a callback so that the full
path of the certificate chain to the trusted root can be available as output.
Fixes #1012 (closed)
This API is added to the test auto-verify.c
Sample test output with this API is :
client|<2>| EXT[0xf7f1e0]: client generated SECP256R1 shared key
63 client|<2>| Print full certificate path validation to trust root.
64 Subject: CN=CA-1
65 Issuer: CN=CA-0
66 Checked against: CN=CA-0
67 Signature algorithm: RSA-SHA256
68 Output: Verified. The certificate is trusted.
69
70 Subject: CN=server-2
71 Issuer: CN=CA-1
72 Checked against: CN=CA-1
73 Signature algorithm: RSA-SHA256
74 Output: Verified. The certificate is trusted.
75
76 testing cert verification success1 for tls1.2