diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c index 969b9630..9a622e66 100644 --- a/src/config/tlscerts.c +++ b/src/config/tlscerts.c @@ -54,7 +54,7 @@ static void _save_tlscerts(void); static Autocomplete certs_ac; -static char* current_fp; +static gchar* current_fp; static void _tlscerts_close(void) @@ -62,7 +62,7 @@ _tlscerts_close(void) free_keyfile(&tlscerts_prof_keyfile); tlscerts = NULL; - free(current_fp); + g_free(current_fp); current_fp = NULL; autocomplete_free(certs_ac); @@ -93,9 +93,9 @@ void tlscerts_set_current(const TLSCertificate* cert) { if (current_fp) { - free(current_fp); + g_free(current_fp); } - current_fp = strdup(cert->fingerprint); + current_fp = g_strdup(cert->fingerprint); } gboolean @@ -108,7 +108,7 @@ void tlscerts_clear_current(void) { if (current_fp) { - free(current_fp); + g_free(current_fp); current_fp = NULL; } } @@ -119,6 +119,89 @@ tlscerts_exists(const TLSCertificate* cert) return g_key_file_has_group(tlscerts, cert->fingerprint); } +#define _name_to_tlscert_name(in, cert, which) \ + do { \ + _name_to_tlscert_name_(in, &cert->which, #which); \ + } while (0) +static void +_name_to_tlscert_name_(const char* in, tls_cert_name_t* out, const char* name); + +static TLSCertificate* +_tlscerts_new(gchar* fingerprint_sha1, int version, gchar* serialnumber, gchar* subjectname, + gchar* issuername, gchar* notbefore, gchar* notafter, + gchar* key_alg, gchar* signature_alg, gchar* pem, + gchar* fingerprint_sha256, gchar* pubkey_fingerprint) +{ + TLSCertificate* cert = calloc(1, sizeof(TLSCertificate)); + + if (fingerprint_sha256 && fingerprint_sha1) { + cert->fingerprint_sha256 = fingerprint_sha256; + cert->fingerprint_sha1 = fingerprint_sha1; + cert->fingerprint = cert->fingerprint_sha256; + } else { + if (fingerprint_sha256) { + size_t s = strlen(fingerprint_sha256); + switch (s) { + case 40: + cert->fingerprint_sha1 = fingerprint_sha256; + cert->fingerprint = cert->fingerprint_sha1; + break; + case 64: + cert->fingerprint_sha256 = fingerprint_sha256; + cert->fingerprint = cert->fingerprint_sha256; + break; + default: + log_error("fingerprint_sha256 of length %d unexpected: %s", s, fingerprint_sha256); + } + } else { + cert->fingerprint_sha1 = fingerprint_sha1; + cert->fingerprint = cert->fingerprint_sha1; + } + } + + cert->version = version; + cert->serialnumber = serialnumber; + cert->subjectname = subjectname; + cert->issuername = issuername; + cert->notbefore = notbefore; + cert->notafter = notafter; + cert->key_alg = key_alg; + cert->signature_alg = signature_alg; + cert->pem = pem; + cert->pubkey_fingerprint = pubkey_fingerprint; + + /* Do this check after assigning all values, in order to not leak them, + * even though the situation is most likely already FUBAR */ + if (!fingerprint_sha256 && !fingerprint_sha1) { + log_error("No TLSCertificate w/o fingerprint"); + tlscerts_free(cert); + return NULL; + } + + _name_to_tlscert_name(subjectname, cert, subject); + _name_to_tlscert_name(issuername, cert, issuer); + + return cert; +} + +static TLSCertificate* +_get_TLSCertificate(const gchar* fingerprint) +{ + int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL); + gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL); + gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL); + gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL); + gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); + gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); + gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL); + gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL); + gchar* fingerprint_sha1 = g_key_file_get_string(tlscerts, fingerprint, "fingerprint_sha1", NULL); + gchar* pubkey_fingerprint = g_key_file_get_string(tlscerts, fingerprint, "pubkey_fingerprint", NULL); + + return _tlscerts_new(fingerprint_sha1, version, serialnumber, subjectname, issuername, notbefore, + notafter, keyalg, signaturealg, NULL, g_strdup(fingerprint), pubkey_fingerprint); +} + GList* tlscerts_list(void) { @@ -126,136 +209,89 @@ tlscerts_list(void) gsize len = 0; auto_gcharv gchar** groups = g_key_file_get_groups(tlscerts, &len); - for (int i = 0; i < g_strv_length(groups); i++) { - char* fingerprint = groups[i]; - int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL); - auto_gchar gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL); - auto_gchar gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL); - auto_gchar gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL); - auto_gchar gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); - auto_gchar gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); - auto_gchar gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL); - auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL); - - TLSCertificate* cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, - notafter, keyalg, signaturealg, NULL, NULL, NULL); - - res = g_list_append(res, cert); + for (gsize i = 0; i < len; i++) { + res = g_list_append(res, _get_TLSCertificate(groups[i])); } return res; } +static void +_name_to_tlscert_name_(const char* in, tls_cert_name_t* out, const char* name) +{ + auto_gcharv gchar** fields = g_strsplit(in, "/", 0); + const guint fields_num = g_strv_length(fields); + for (guint i = 0; i < fields_num; i++) { + auto_gcharv gchar** keyval = g_strsplit(fields[i], "=", 2); + if (g_strv_length(keyval) == 2) { + +#define tls_cert_name_set(which) \ + do { \ + if (out->which) { \ + log_warning("%s." #which " already set, skip %s", name, keyval[1]); \ + continue; \ + } \ + out->which = g_strdup(keyval[1]); \ + } while (0) + + if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) { + tls_cert_name_set(country); + } + if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) { + tls_cert_name_set(state); + } + if (g_strcmp0(keyval[0], "dnQualifier") == 0) { + tls_cert_name_set(distinguishedname); + } + if (g_strcmp0(keyval[0], "serialnumber") == 0) { + tls_cert_name_set(serialnumber); + } + if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) { + tls_cert_name_set(commonname); + } + if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) { + tls_cert_name_set(organisation); + } + if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) { + tls_cert_name_set(organisation_unit); + } + if (g_strcmp0(keyval[0], "emailAddress") == 0) { + tls_cert_name_set(email); + } +#undef tls_cert_name_set + } + } +} + +static gchar* +_checked_g_strdup(const char* in) +{ + if (in == NULL) + return NULL; + return g_strdup(in); +} + TLSCertificate* tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname, const char* issuername, const char* notbefore, const char* notafter, const char* key_alg, const char* signature_alg, const char* pem, const char* fingerprint_sha256, const char* pubkey_fingerprint) { - TLSCertificate* cert = calloc(1, sizeof(TLSCertificate)); + return _tlscerts_new(_checked_g_strdup(fingerprint_sha1), version, _checked_g_strdup(serialnumber), _checked_g_strdup(subjectname), + _checked_g_strdup(issuername), _checked_g_strdup(notbefore), _checked_g_strdup(notafter), + _checked_g_strdup(key_alg), _checked_g_strdup(signature_alg), _checked_g_strdup(pem), + _checked_g_strdup(fingerprint_sha256), _checked_g_strdup(pubkey_fingerprint)); +} - if (fingerprint_sha256) { - cert->fingerprint_sha256 = strdup(fingerprint_sha256); - cert->fingerprint = cert->fingerprint_sha256; - } - if (fingerprint_sha1) { - cert->fingerprint_sha1 = strdup(fingerprint_sha1); - if (!cert->fingerprint) { - cert->fingerprint = cert->fingerprint_sha1; - } - } - cert->version = version; - if (serialnumber) { - cert->serialnumber = strdup(serialnumber); - } - if (subjectname) { - cert->subjectname = strdup(subjectname); - } - if (issuername) { - cert->issuername = strdup(issuername); - } - if (notbefore) { - cert->notbefore = strdup(notbefore); - } - if (notafter) { - cert->notafter = strdup(notafter); - } - if (key_alg) { - cert->key_alg = strdup(key_alg); - } - if (signature_alg) { - cert->signature_alg = strdup(signature_alg); - } - if (pem) { - cert->pem = strdup(pem); - } - if (pubkey_fingerprint) { - cert->pubkey_fingerprint = strdup(pubkey_fingerprint); - } - - auto_gcharv gchar** fields = g_strsplit(subjectname, "/", 0); - for (int i = 0; i < g_strv_length(fields); i++) { - auto_gcharv gchar** keyval = g_strsplit(fields[i], "=", 2); - if (g_strv_length(keyval) == 2) { - if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) { - cert->subject_country = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) { - cert->subject_state = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "dnQualifier") == 0) { - cert->subject_distinguishedname = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "serialnumber") == 0) { - cert->subject_serialnumber = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) { - cert->subject_commonname = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) { - cert->subject_organisation = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) { - cert->subject_organisation_unit = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "emailAddress") == 0) { - cert->subject_email = strdup(keyval[1]); - } - } - } - - auto_gcharv gchar** fields2 = g_strsplit(issuername, "/", 0); - for (int i = 0; i < g_strv_length(fields2); i++) { - auto_gcharv gchar** keyval = g_strsplit(fields2[i], "=", 2); - if (g_strv_length(keyval) == 2) { - if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) { - cert->issuer_country = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) { - cert->issuer_state = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "dnQualifier") == 0) { - cert->issuer_distinguishedname = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "serialnumber") == 0) { - cert->issuer_serialnumber = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) { - cert->issuer_commonname = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) { - cert->issuer_organisation = strdup(keyval[1]); - } - if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) { - cert->issuer_organisation_unit = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "emailAddress") == 0) { - cert->issuer_email = strdup(keyval[1]); - } - } - } - - return cert; +static void +_checked_g_key_file_set_string(GKeyFile* key_file, + const gchar* group_name, + const gchar* key, + const gchar* string) +{ + if (string == NULL) + return; + g_key_file_set_string(key_file, group_name, key, string); } void @@ -272,27 +308,15 @@ tlscerts_add(const TLSCertificate* cert) autocomplete_add(certs_ac, cert->fingerprint); g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version); - if (cert->serialnumber) { - g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber); - } - if (cert->subjectname) { - g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname); - } - if (cert->issuername) { - g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername); - } - if (cert->notbefore) { - g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); - } - if (cert->notafter) { - g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter); - } - if (cert->key_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg); - } - if (cert->signature_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg); - } + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "fingerprint_sha1", cert->fingerprint_sha1); + _checked_g_key_file_set_string(tlscerts, cert->fingerprint, "pubkey_fingerprint", cert->pubkey_fingerprint); _save_tlscerts(); } @@ -311,23 +335,20 @@ tlscerts_revoke(const char* fingerprint) } TLSCertificate* -tlscerts_get_trusted(const char* fingerprint) +tlscerts_get_trusted(const gchar* fingerprint) { if (!g_key_file_has_group(tlscerts, fingerprint)) { + gsize len = 0; + auto_gcharv gchar** groups = g_key_file_get_groups(tlscerts, &len); + for (gsize i = 0; i < len; i++) { + auto_gchar gchar* fingerprint_sha1 = g_key_file_get_string(tlscerts, groups[i], "fingerprint_sha1", NULL); + if (g_strcmp0(fingerprint, fingerprint_sha1) == 0) { + return _get_TLSCertificate(fingerprint_sha1); + } + } return NULL; } - - int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL); - auto_gchar gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL); - auto_gchar gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL); - auto_gchar gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL); - auto_gchar gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); - auto_gchar gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); - auto_gchar gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL); - auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL); - - return tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, - notafter, keyalg, signaturealg, NULL, NULL, NULL); + return _get_TLSCertificate(fingerprint); } char* @@ -342,39 +363,37 @@ tlscerts_reset_ac(void) autocomplete_reset(certs_ac); } +static void +_tls_cert_name_free(tls_cert_name_t* name) +{ + g_free(name->country); + g_free(name->state); + g_free(name->distinguishedname); + g_free(name->serialnumber); + g_free(name->commonname); + g_free(name->organisation); + g_free(name->organisation_unit); + g_free(name->email); +} + void tlscerts_free(TLSCertificate* cert) { if (cert) { - free(cert->issuer_country); - free(cert->issuer_state); - free(cert->issuer_distinguishedname); - free(cert->issuer_serialnumber); - free(cert->issuer_commonname); - free(cert->issuer_organisation); - free(cert->issuer_organisation_unit); - free(cert->issuer_email); + _tls_cert_name_free(&cert->subject); + _tls_cert_name_free(&cert->issuer); - free(cert->subject_country); - free(cert->subject_state); - free(cert->subject_distinguishedname); - free(cert->subject_serialnumber); - free(cert->subject_commonname); - free(cert->subject_organisation); - free(cert->subject_organisation_unit); - free(cert->subject_email); - - free(cert->pubkey_fingerprint); - free(cert->pem); - free(cert->signature_alg); - free(cert->key_alg); - free(cert->notafter); - free(cert->notbefore); - free(cert->issuername); - free(cert->subjectname); - free(cert->serialnumber); - free(cert->fingerprint_sha1); - free(cert->fingerprint_sha256); + g_free(cert->pubkey_fingerprint); + g_free(cert->pem); + g_free(cert->signature_alg); + g_free(cert->key_alg); + g_free(cert->notafter); + g_free(cert->notbefore); + g_free(cert->issuername); + g_free(cert->subjectname); + g_free(cert->serialnumber); + g_free(cert->fingerprint_sha1); + g_free(cert->fingerprint_sha256); free(cert); } diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h index e7ed7290..0fa43b1f 100644 --- a/src/config/tlscerts.h +++ b/src/config/tlscerts.h @@ -38,37 +38,35 @@ #include +typedef struct tls_cert_name_t +{ + gchar* country; + gchar* state; + gchar* distinguishedname; + gchar* serialnumber; + gchar* commonname; + gchar* organisation; + gchar* organisation_unit; + gchar* email; +} tls_cert_name_t; + typedef struct tls_cert_t { int version; - const char* fingerprint; - char* serialnumber; - char* subjectname; - char* subject_country; - char* subject_state; - char* subject_distinguishedname; - char* subject_serialnumber; - char* subject_commonname; - char* subject_organisation; - char* subject_organisation_unit; - char* subject_email; - char* issuername; - char* issuer_country; - char* issuer_state; - char* issuer_distinguishedname; - char* issuer_serialnumber; - char* issuer_commonname; - char* issuer_organisation; - char* issuer_organisation_unit; - char* issuer_email; - char* notbefore; - char* notafter; - char* fingerprint_sha1; - char* fingerprint_sha256; - char* key_alg; - char* signature_alg; - char* pem; - char* pubkey_fingerprint; + const gchar* fingerprint; + gchar* serialnumber; + gchar* subjectname; + tls_cert_name_t subject; + gchar* issuername; + tls_cert_name_t issuer; + gchar* notbefore; + gchar* notafter; + gchar* fingerprint_sha1; + gchar* fingerprint_sha256; + gchar* key_alg; + gchar* signature_alg; + gchar* pem; + gchar* pubkey_fingerprint; } TLSCertificate; void tlscerts_init(void); diff --git a/src/ui/console.c b/src/ui/console.c index 429e1a6a..665c1a52 100644 --- a/src/ui/console.c +++ b/src/ui/console.c @@ -185,8 +185,8 @@ cons_show_tlscert_summary(const TLSCertificate* cert) return; } - cons_show("Subject : %s", cert->subject_commonname); - cons_show("Issuer : %s", cert->issuer_commonname); + cons_show("Subject : %s", cert->subject.commonname); + cons_show("Issuer : %s", cert->issuer.commonname); cons_show("Fingerprint : %s", cert->fingerprint); } @@ -199,73 +199,35 @@ cons_show_tlscert(const TLSCertificate* cert) cons_show("Certificate:"); - cons_show(" Subject:"); - if (cert->subject_commonname) { - cons_show(" Common name : %s", cert->subject_commonname); - } - if (cert->subject_distinguishedname) { - cons_show(" Distinguished name : %s", cert->subject_distinguishedname); - } - if (cert->subject_organisation) { - cons_show(" Organisation : %s", cert->subject_organisation); - } - if (cert->subject_organisation_unit) { - cons_show(" Organisation unit : %s", cert->subject_organisation_unit); - } - if (cert->subject_email) { - cons_show(" Email : %s", cert->subject_email); - } - if (cert->subject_state) { - cons_show(" State : %s", cert->subject_state); - } - if (cert->subject_country) { - cons_show(" Country : %s", cert->subject_country); - } - if (cert->subject_serialnumber) { - cons_show(" Serial number : %s", cert->subject_serialnumber); - } - - cons_show(" Issuer:"); - if (cert->issuer_commonname) { - cons_show(" Common name : %s", cert->issuer_commonname); - } - if (cert->issuer_distinguishedname) { - cons_show(" Distinguished name : %s", cert->issuer_distinguishedname); - } - if (cert->issuer_organisation) { - cons_show(" Organisation : %s", cert->issuer_organisation); - } - if (cert->issuer_organisation_unit) { - cons_show(" Organisation unit : %s", cert->issuer_organisation_unit); - } - if (cert->issuer_email) { - cons_show(" Email : %s", cert->issuer_email); - } - if (cert->issuer_state) { - cons_show(" State : %s", cert->issuer_state); - } - if (cert->issuer_country) { - cons_show(" Country : %s", cert->issuer_country); - } - if (cert->issuer_serialnumber) { - cons_show(" Serial number : %s", cert->issuer_serialnumber); - } - cons_show(" Version : %d", cert->version); - if (cert->serialnumber) { - cons_show(" Serial number : %s", cert->serialnumber); - } + cons_show(" Subject:"); + cons_show_if_set(" Common name : %s", cert->subject.commonname); + cons_show_if_set(" Distinguished name : %s", cert->subject.distinguishedname); + cons_show_if_set(" Organisation : %s", cert->subject.organisation); + cons_show_if_set(" Organisation unit : %s", cert->subject.organisation_unit); + cons_show_if_set(" Email : %s", cert->subject.email); + cons_show_if_set(" State : %s", cert->subject.state); + cons_show_if_set(" Country : %s", cert->subject.country); + cons_show_if_set(" Serial number : %s", cert->subject.serialnumber); - if (cert->key_alg) { - cons_show(" Key algorithm : %s", cert->key_alg); - } - if (cert->signature_alg) { - cons_show(" Signature algorithm : %s", cert->signature_alg); - } + cons_show(" Issuer:"); + cons_show_if_set(" Common name : %s", cert->issuer.commonname); + cons_show_if_set(" Distinguished name : %s", cert->issuer.distinguishedname); + cons_show_if_set(" Organisation : %s", cert->issuer.organisation); + cons_show_if_set(" Organisation unit : %s", cert->issuer.organisation_unit); + cons_show_if_set(" Email : %s", cert->issuer.email); + cons_show_if_set(" State : %s", cert->issuer.state); + cons_show_if_set(" Country : %s", cert->issuer.country); + cons_show_if_set(" Serial number : %s", cert->issuer.serialnumber); - cons_show(" Start : %s", cert->notbefore); - cons_show(" End : %s", cert->notafter); + cons_show_if_set(" Serial number : %s", cert->serialnumber); + + cons_show_if_set(" Key algorithm : %s", cert->key_alg); + cons_show_if_set(" Signature algorithm : %s", cert->signature_alg); + + cons_show_if_set(" Validity Start : %s", cert->notbefore); + cons_show_if_set(" Validity End : %s", cert->notafter); cons_show_if_set(" Fingerprint SHA1 : %s", cert->fingerprint_sha1); cons_show_if_set(" Fingerprint SHA256 : %s", cert->fingerprint_sha256);