If an engine comes up explicitely, it must also come down explicitely

[openssl.git] / apps / verify.c

diff --git a/apps/verify.c b/apps/verify.c
index 47a8c86cc34cd81227f20ed1e201d62d94ff860b..bd8349a508f16a68d33d1fb1cba910c4fa1951ab 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -31,7 +31,7 @@ typedef enum OPTION_choice {
     OPT_VERBOSE
 } OPTION_CHOICE;
 
-OPTIONS verify_options[] = {
+const OPTIONS verify_options[] = {
     {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
     {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
     {"help", OPT_HELP, '-', "Display this summary"},
@@ -60,6 +60,7 @@ OPTIONS verify_options[] = {
 
 int verify_main(int argc, char **argv)
 {
+    ENGINE *e = NULL;
     STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
     STACK_OF(X509_CRL) *crls = NULL;
     X509_STORE *store = NULL;
@@ -140,7 +141,7 @@ int verify_main(int argc, char **argv)
             crl_download = 1;
             break;
         case OPT_ENGINE:
-            if (setup_engine(opt_arg(), 0) == NULL) {
+            if ((e = setup_engine(opt_arg(), 0)) == NULL) {
                 /* Failure message already displayed */
                 goto end;
             }
@@ -191,6 +192,7 @@ int verify_main(int argc, char **argv)
     sk_X509_pop_free(untrusted, X509_free);
     sk_X509_pop_free(trusted, X509_free);
     sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    release_engine(e);
     return (ret < 0 ? 2 : ret);
 }