In order to get the expected self signed error when
authorDr. Stephen Henson <steve@openssl.org>
Sun, 21 Sep 2003 02:18:15 +0000 (02:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 21 Sep 2003 02:18:15 +0000 (02:18 +0000)
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

apps/x509.c

index f0ef559..036e255 100644 (file)
@@ -1103,7 +1103,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
                goto end;
 
-       if (!X509_STORE_add_cert(ctx,x)) goto end;
+/*     if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */