update FAQ

[openssl.git] / apps / verify.c

diff --git a/apps/verify.c b/apps/verify.c
index 9163997e93c5e62118ba841f1e40352eedfa172a..b03085bf87678c7f1aa4eabdbb9e52b22fb6d4cd 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -88,6 +88,7 @@ int MAIN(int argc, char **argv)
        X509_STORE *cert_ctx=NULL;
        X509_LOOKUP *lookup=NULL;
        X509_VERIFY_PARAM *vpm = NULL;
+       int crl_download = 0;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
 #endif
@@ -145,6 +146,8 @@ int MAIN(int argc, char **argv)
                                if (argc-- < 1) goto end;
                                crlfile= *(++argv);
                                }
+                       else if (strcmp(*argv,"-crl_download") == 0)
+                               crl_download = 1;
 #ifndef OPENSSL_NO_ENGINE
                        else if (strcmp(*argv,"-engine") == 0)
                                {
@@ -222,11 +225,22 @@ int MAIN(int argc, char **argv)
                        goto end;
                }
 
-       if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
+       if (crl_download)
+               store_setup_crl_download(cert_ctx);
+
+       ret=0;
+       if (argc < 1)
+               { 
+               if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+                       ret=-1;
+               }
        else
+               {
                for (i=0; i<argc; i++)
-                       check(cert_ctx,argv[i], untrusted, trusted, crls, e);
-       ret=0;
+                       if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+                               ret=-1;
+               }
+
 end:
        if (ret == 1) {
                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@@ -234,13 +248,26 @@ end:
                BIO_printf(bio_err," [-engine e]");
 #endif
                BIO_printf(bio_err," cert1 cert2 ...\n");
+
                BIO_printf(bio_err,"recognized usages:\n");
-               for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+               for(i = 0; i < X509_PURPOSE_get_count(); i++)
+                       {
                        X509_PURPOSE *ptmp;
                        ptmp = X509_PURPOSE_get0(i);
-                       BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
-                                                               X509_PURPOSE_get0_name(ptmp));
-               }
+                       BIO_printf(bio_err, "\t%-10s\t%s\n",
+                                  X509_PURPOSE_get0_sname(ptmp),
+                                  X509_PURPOSE_get0_name(ptmp));
+                       }
+
+               BIO_printf(bio_err,"recognized verify names:\n");
+               for(i = 0; i < X509_VERIFY_PARAM_get_count(); i++)
+                       {
+                       const X509_VERIFY_PARAM *vptmp;
+                       vptmp = X509_VERIFY_PARAM_get0(i);
+                       BIO_printf(bio_err, "\t%-10s\n",
+                                       X509_VERIFY_PARAM_get0_name(vptmp));
+                       }
+
        }
        if (vpm) X509_VERIFY_PARAM_free(vpm);
        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
@@ -248,7 +275,7 @@ end:
        sk_X509_pop_free(trusted, X509_free);
        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();
-       OPENSSL_EXIT(ret);
+       OPENSSL_EXIT(ret < 0 ? 2 : ret);
        }
 
 static int check(X509_STORE *ctx, char *file,