提交 fefc111a 编写于 作者: B Ben Laurie

Make openssl verify return errors.

上级 b204ab65
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
_______________ _______________
Changes between 1.0.x and 1.1.0 [xx XXX xxxx] Changes between 1.0.x and 1.1.0 [xx XXX xxxx]
*) Make openssl verify return errors.
[Chris Palmer <palmer@google.com> and Ben Laurie]
*) Fix OCSP checking. *) Fix OCSP checking.
[Rob Stradling <rob.stradling@comodo.com> and Ben Laurie] [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
......
...@@ -540,7 +540,7 @@ rehash.time: certs apps ...@@ -540,7 +540,7 @@ rehash.time: certs apps
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \ OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs) && \ $(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \ touch rehash.time; \
else :; fi else :; fi
......
...@@ -228,11 +228,19 @@ int MAIN(int argc, char **argv) ...@@ -228,11 +228,19 @@ int MAIN(int argc, char **argv)
if (crl_download) if (crl_download)
store_setup_crl_download(cert_ctx); store_setup_crl_download(cert_ctx);
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e); ret=0;
if (argc < 1)
{
if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
ret=-1;
}
else else
{
for (i=0; i<argc; i++) for (i=0; i<argc; i++)
check(cert_ctx,argv[i], untrusted, trusted, crls, e); if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
ret=0; ret=-1;
}
end: end:
if (ret == 1) { if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
...@@ -267,7 +275,7 @@ end: ...@@ -267,7 +275,7 @@ end:
sk_X509_pop_free(trusted, X509_free); sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free); sk_X509_CRL_pop_free(crls, X509_CRL_free);
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret < 0 ? 2 : ret);
} }
static int check(X509_STORE *ctx, char *file, static int check(X509_STORE *ctx, char *file,
......
...@@ -294,7 +294,7 @@ test_ecdh: ...@@ -294,7 +294,7 @@ test_ecdh:
test_verify: test_verify:
@echo "The following command should have some OK's and some failures" @echo "The following command should have some OK's and some failures"
@echo "There are definitly a few expired certificates" @echo "There are definitly a few expired certificates"
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
test_dh: test_dh:
@echo "Generate a set of DH parameters" @echo "Generate a set of DH parameters"
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册