Overhaul of by_dir code to handle dynamic loading of CRLs.
[openssl.git] / apps / s_cb.c
index 573f98c..6d322d4 100644 (file)
 
 int verify_depth=0;
 int verify_error=X509_V_OK;
+int verify_return_error=0;
 
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        {
@@ -142,7 +143,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
                        X509_verify_cert_error_string(err));
                if (verify_depth >= depth)
                        {
-                       ok=1;
+                       if (!verify_return_error)
+                               ok=1;
                        verify_error=X509_V_OK;
                        }
                else