Show errors on CSR verification failure.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:31:57 +0000 (13:31 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:34:25 +0000 (13:34 +0100)
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)

apps/ca.c

index 3b72d86..5c98543 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1628,12 +1628,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        else
                goto err;
                }
        else