Make openssl verify return errors.

diff --git a/CHANGES b/CHANGES
index 1a6e80b80d93a9a11706d0356c81dca9320ec472..2178885cd312dc22789c7d5c616cfd5323246531 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
  _______________
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
  _______________
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]

+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+

   *) Fix OCSP checking.
      [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
 
   *) Fix OCSP checking.
      [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
 

diff --git a/Makefile.org b/Makefile.org
index e8e235ddc1f035ec5088f65dd58bde048153ff3f..428cbbb98395d9ba5b4a9f9ef5e046875e7f6698 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -540,7 +540,7 @@ rehash.time: certs apps
                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                OPENSSL_DEBUG_MEMORY=on; \
                export OPENSSL OPENSSL_DEBUG_MEMORY; \
                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                OPENSSL_DEBUG_MEMORY=on; \
                export OPENSSL OPENSSL_DEBUG_MEMORY; \

-               $(PERL) tools/c_rehash certs) && \
+               $(PERL) tools/c_rehash certs/demo) && \

                touch rehash.time; \
        else :; fi
 
                touch rehash.time; \
        else :; fi
 

diff --git a/apps/verify.c b/apps/verify.c
index bcca114efe4557675b6b4ed5c5b0cc483a5070ce..b03085bf87678c7f1aa4eabdbb9e52b22fb6d4cd 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -228,11 +228,19 @@ int MAIN(int argc, char **argv)
        if (crl_download)
                store_setup_crl_download(cert_ctx);
 
        if (crl_download)
                store_setup_crl_download(cert_ctx);
 

-       if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
+       ret=0;
+       if (argc < 1)
+               { 
+               if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+                       ret=-1;
+               }

        else
        else

+               {

                for (i=0; i<argc; i++)
                for (i=0; i<argc; i++)

-                       check(cert_ctx,argv[i], untrusted, trusted, crls, e);
-       ret=0;
+                       if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+                               ret=-1;
+               }
+

 end:
        if (ret == 1) {
                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
 end:
        if (ret == 1) {
                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");


@@ -267,7 +275,7 @@ end:
        sk_X509_pop_free(trusted, X509_free);
        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();
        sk_X509_pop_free(trusted, X509_free);
        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();

-       OPENSSL_EXIT(ret);
+       OPENSSL_EXIT(ret < 0 ? 2 : ret);

        }
 
 static int check(X509_STORE *ctx, char *file,
        }
 
 static int check(X509_STORE *ctx, char *file,

diff --git a/test/Makefile b/test/Makefile
index b919533b3787253db8ff58cea93a0dec39bd8470..93619504ff3455edbc60dd3679172bdddf289eb0 100644 (file)
--- a/test/Makefile
+++ b/test/Makefile
@@ -294,7 +294,7 @@ test_ecdh:
 test_verify:
        @echo "The following command should have some OK's and some failures"
        @echo "There are definitly a few expired certificates"
 test_verify:
        @echo "The following command should have some OK's and some failures"
        @echo "There are definitly a few expired certificates"

-       ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
+       ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem

 
 test_dh:
        @echo "Generate a set of DH parameters"
 
 test_dh:
        @echo "Generate a set of DH parameters"