pki --print prints NameConstraints
authorMartin Willi <martin@revosec.ch>
Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:00 +0000 (16:46 +0100)
src/pki/commands/print.c

index 35fdaac..0eb51cc 100644 (file)
@@ -178,6 +178,31 @@ static void print_x509(x509_t *x509)
                printf("pathlen:   %d\n", len);
        }
 
+       first = TRUE;
+       enumerator = x509->create_name_constraint_enumerator(x509, TRUE);
+       while (enumerator->enumerate(enumerator, &id))
+       {
+               if (first)
+               {
+                       printf("Permitted NameConstraints:\n");
+                       first = FALSE;
+               }
+               printf("           %Y\n", id);
+       }
+       enumerator->destroy(enumerator);
+       first = TRUE;
+       enumerator = x509->create_name_constraint_enumerator(x509, FALSE);
+       while (enumerator->enumerate(enumerator, &id))
+       {
+               if (first)
+               {
+                       printf("Excluded NameConstraints:\n");
+                       first = FALSE;
+               }
+               printf("           %Y\n", id);
+       }
+       enumerator->destroy(enumerator);
+
        chunk = x509->get_authKeyIdentifier(x509);
        if (chunk.ptr)
        {