root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Make verify return errors.

This commit is contained in:
Ben Laurie 2012-12-13 15:49:15 +00:00
parent 2a2e537983
commit 5f4cf08864
4 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -81,6 +81,9 @@
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
*) Make openssl verify return errors.
[Chris Palmer <palmer@google.com> and Ben Laurie]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]

2
Makefile.org
View File

@ -444,7 +444,7 @@ rehash.time: certs apps
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs) && \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi

16
apps/verify.c
View File

@ -222,11 +222,19 @@ int MAIN(int argc, char **argv)
goto end;
}
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
ret = 0;
if (argc < 1)
{
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
ret = -1;
}
else
{
for (i=0; i<argc; i++)
check(cert_ctx,argv[i], untrusted, trusted, crls, e);
ret=0;
if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
ret = -1;
}
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@ -252,7 +260,7 @@ end:
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown();
OPENSSL_EXIT(ret);
OPENSSL_EXIT(ret < 0 ? 2 : ret);
}
static int check(X509_STORE *ctx, char *file,

2
test/Makefile
View File

@ -246,7 +246,7 @@ test_ecdh:
test_verify:
@echo "The following command should have some OK's and some failures"
@echo "There are definitly a few expired certificates"
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
test_dh:
@echo "Generate a set of DH parameters"