Demo of use of errors in applications.

[openssl.git] / apps / verify.c

diff --git a/apps/verify.c b/apps/verify.c
index 8f897cf48563ff74fc4874d1db3266d55001ef08..b03085bf87678c7f1aa4eabdbb9e52b22fb6d4cd 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -88,6 +88,7 @@ int MAIN(int argc, char **argv)
        X509_STORE *cert_ctx=NULL;
        X509_LOOKUP *lookup=NULL;
        X509_VERIFY_PARAM *vpm = NULL;
+       int crl_download = 0;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
 #endif
@@ -145,6 +146,8 @@ int MAIN(int argc, char **argv)
                                if (argc-- < 1) goto end;
                                crlfile= *(++argv);
                                }
+                       else if (strcmp(*argv,"-crl_download") == 0)
+                               crl_download = 1;
 #ifndef OPENSSL_NO_ENGINE
                        else if (strcmp(*argv,"-engine") == 0)
                                {
@@ -222,11 +225,22 @@ int MAIN(int argc, char **argv)
                        goto end;
                }
 
-       if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
+       if (crl_download)
+               store_setup_crl_download(cert_ctx);
+
+       ret=0;
+       if (argc < 1)
+               { 
+               if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+                       ret=-1;
+               }
        else
+               {
                for (i=0; i<argc; i++)
-                       check(cert_ctx,argv[i], untrusted, trusted, crls, e);
-       ret=0;
+                       if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+                               ret=-1;
+               }
+
 end:
        if (ret == 1) {
                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@@ -261,7 +275,7 @@ end:
        sk_X509_pop_free(trusted, X509_free);
        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();
-       OPENSSL_EXIT(ret);
+       OPENSSL_EXIT(ret < 0 ? 2 : ret);
        }
 
 static int check(X509_STORE *ctx, char *file,