Silence Clang warning about unit'd variable

[openssl.git] / apps / verify.c

diff --git a/apps/verify.c b/apps/verify.c
index 61e85ce87e89de54a486af863a31cd57206b8fee..02351945679621d49fc75cba66afeba828de1961 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -105,7 +105,7 @@ int verify_main(int argc, char **argv)
     STACK_OF(X509_CRL) *crls = NULL;
     X509_STORE *store = NULL;
     X509_VERIFY_PARAM *vpm = NULL;
-    char *prog, *CApath = NULL, *CAfile = NULL, *engine = NULL;
+    char *prog, *CApath = NULL, *CAfile = NULL;
     char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
     int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
     OPTION_CHOICE o;
@@ -167,7 +167,7 @@ int verify_main(int argc, char **argv)
             show_chain = 1;
             break;
         case OPT_ENGINE:
-            engine = opt_arg();
+            e = setup_engine(opt_arg(), 0);
             break;
         case OPT_VERBOSE:
             v_verbose = 1;
@@ -177,10 +177,10 @@ int verify_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-#ifndef OPENSSL_NO_ENGINE
-    e = setup_engine(engine, 0);
-#endif
-    if (!(store = setup_verify(CAfile, CApath)))
+    if (!app_load_modules(NULL))
+        goto end;
+
+    if ((store = setup_verify(CAfile, CApath)) == NULL)
         goto end;
     X509_STORE_set_verify_cb(store, cb);
 
@@ -224,10 +224,8 @@ int verify_main(int argc, char **argv)
     }
 
  end:
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
-    if (store != NULL)
-        X509_STORE_free(store);
+    X509_VERIFY_PARAM_free(vpm);
+    X509_STORE_free(store);
     sk_X509_pop_free(untrusted, X509_free);
     sk_X509_pop_free(trusted, X509_free);
     sk_X509_CRL_pop_free(crls, X509_CRL_free);
@@ -286,8 +284,7 @@ static int check(X509_STORE *ctx, char *file,
         }
         sk_X509_pop_free(chain, X509_free);
     }
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
 
     return (ret);
 }
@@ -299,26 +296,25 @@ static int cb(int ok, X509_STORE_CTX *ctx)
 
     if (!ok) {
         if (current_cert) {
-            X509_NAME_print_ex_fp(stdout,
-                                  X509_get_subject_name(current_cert),
-                                  0, XN_FLAG_ONELINE);
-            printf("\n");
+            X509_NAME_print_ex(bio_err,
+                            X509_get_subject_name(current_cert),
+                            0, XN_FLAG_ONELINE);
+            BIO_printf(bio_err, "\n");
         }
-        printf("%serror %d at %d depth lookup:%s\n",
+        BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n",
                X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
                cert_error,
                X509_STORE_CTX_get_error_depth(ctx),
                X509_verify_cert_error_string(cert_error));
         switch (cert_error) {
         case X509_V_ERR_NO_EXPLICIT_POLICY:
-            policies_print(bio_err, ctx);
+            policies_print(ctx);
         case X509_V_ERR_CERT_HAS_EXPIRED:
 
             /*
              * since we are just checking the certificates, it is ok if they
              * are self signed. But we should still warn the user.
              */
-
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             /* Continue after extension errors too */
         case X509_V_ERR_INVALID_CA:
@@ -329,14 +325,13 @@ static int cb(int ok, X509_STORE_CTX *ctx)
         case X509_V_ERR_CRL_NOT_YET_VALID:
         case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
             ok = 1;
-
         }
 
         return ok;
 
     }
     if (cert_error == X509_V_OK && ok == 2)
-        policies_print(bio_out, ctx);
+        policies_print(ctx);
     if (!v_verbose)
         ERR_clear_error();
     return (ok);