Make sure a corresponding plain text error message exists for the

X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.

diff --git a/CHANGES b/CHANGES
index 163281cd36373ecd3e9f019ce7f80b912698ca56..2e420fa21dfd6bbaa55d634817ca182e5b32ecda 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
   *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
      ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
      all available cipers including rc5, which was forgotten until now.

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 871cc33637cae7554141c6588f9dc13b65bc582c..de7550d9cdebfcb95a18c045eaeacaf73b81a6e9 100644 (file)
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -120,6 +120,8 @@ long n;
                return("unable to verify the first certificate");
        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
                return("certificate chain too long");
+       case X509_V_ERR_CERT_REVOKED:
+               return("certificate revoked");
        case X509_V_ERR_APPLICATION_VERIFICATION:
                return("application verification failure");
        default: