Make openssl verify return errors.
authorBen Laurie <ben@openssl.org>
Tue, 11 Dec 2012 16:05:14 +0000 (16:05 +0000)
committerBen Laurie <ben@openssl.org>
Tue, 11 Dec 2012 16:05:14 +0000 (16:05 +0000)
CHANGES
Makefile.org
apps/verify.c
test/Makefile

diff --git a/CHANGES b/CHANGES
index 1a6e80b..2178885 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
  _______________
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
   *) Fix OCSP checking.
      [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
 
index e8e235d..428cbbb 100644 (file)
@@ -540,7 +540,7 @@ rehash.time: certs apps
                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                OPENSSL_DEBUG_MEMORY=on; \
                export OPENSSL OPENSSL_DEBUG_MEMORY; \
-               $(PERL) tools/c_rehash certs) && \
+               $(PERL) tools/c_rehash certs/demo) && \
                touch rehash.time; \
        else :; fi
 
index bcca114..b03085b 100644 (file)
@@ -228,11 +228,19 @@ int MAIN(int argc, char **argv)
        if (crl_download)
                store_setup_crl_download(cert_ctx);
 
-       if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
+       ret=0;
+       if (argc < 1)
+               { 
+               if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+                       ret=-1;
+               }
        else
+               {
                for (i=0; i<argc; i++)
-                       check(cert_ctx,argv[i], untrusted, trusted, crls, e);
-       ret=0;
+                       if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+                               ret=-1;
+               }
+
 end:
        if (ret == 1) {
                BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@@ -267,7 +275,7 @@ end:
        sk_X509_pop_free(trusted, X509_free);
        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();
-       OPENSSL_EXIT(ret);
+       OPENSSL_EXIT(ret < 0 ? 2 : ret);
        }
 
 static int check(X509_STORE *ctx, char *file,
index b919533..9361950 100644 (file)
@@ -294,7 +294,7 @@ test_ecdh:
 test_verify:
        @echo "The following command should have some OK's and some failures"
        @echo "There are definitly a few expired certificates"
-       ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
+       ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
 
 test_dh:
        @echo "Generate a set of DH parameters"