STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
- char *prog, *CApath = NULL, *CAfile = NULL, *engine = NULL;
+ char *prog, *CApath = NULL, *CAfile = NULL;
char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
OPTION_CHOICE o;
show_chain = 1;
break;
case OPT_ENGINE:
- engine = opt_arg();
+ e = setup_engine(opt_arg(), 0);
break;
case OPT_VERBOSE:
v_verbose = 1;
argc = opt_num_rest();
argv = opt_rest();
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(engine, 0);
-#endif
- if (!(store = setup_verify(CAfile, CApath)))
+ if (!app_load_modules(NULL))
+ goto end;
+
+ if ((store = setup_verify(CAfile, CApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, cb);
}
end:
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (store != NULL)
- X509_STORE_free(store);
+ X509_VERIFY_PARAM_free(vpm);
+ X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
}
sk_X509_pop_free(chain, X509_free);
}
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
return (ret);
}
if (!ok) {
if (current_cert) {
- X509_NAME_print_ex_fp(stdout,
- X509_get_subject_name(current_cert),
- 0, XN_FLAG_ONELINE);
- printf("\n");
+ X509_NAME_print_ex(bio_err,
+ X509_get_subject_name(current_cert),
+ 0, XN_FLAG_ONELINE);
+ BIO_printf(bio_err, "\n");
}
- printf("%serror %d at %d depth lookup:%s\n",
+ BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n",
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
cert_error,
X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error));
switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(bio_err, ctx);
+ policies_print(ctx);
case X509_V_ERR_CERT_HAS_EXPIRED:
/*
* since we are just checking the certificates, it is ok if they
* are self signed. But we should still warn the user.
*/
-
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */
case X509_V_ERR_INVALID_CA:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
ok = 1;
-
}
return ok;
}
if (cert_error == X509_V_OK && ok == 2)
- policies_print(bio_out, ctx);
+ policies_print(ctx);
if (!v_verbose)
ERR_clear_error();
return (ok);