Make sure a corresponding plain text error message exists for the

X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
verify callback function determined that a certificate was revoked.

2 files changed, 7 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index 163281cd36..2e420fa21d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
   *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
      ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
      all available cipers including rc5, which was forgotten until now.
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 871cc33637..de7550d9cd 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -120,6 +120,8 @@ long n;
 		return("unable to verify the first certificate");
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
 		return("certificate chain too long");
+	case X509_V_ERR_CERT_REVOKED:
+		return("certificate revoked");
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		return("application verification failure");
 	default: