generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Cleanup of verify(1) failure output

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Viktor Dukhovni 2016-01-01 18:45:29 -05:00
parent 1de1d7689a
commit 63c6aa6b93
1 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
apps/verify.c
View File

@ -263,16 +263,17 @@ static int check(X509_STORE *ctx, char *file,
x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
if (x == NULL) if (x == NULL)
goto end; goto end;
printf("%s: ", (file == NULL) ? "stdin" : file);
csc = X509_STORE_CTX_new(); csc = X509_STORE_CTX_new();
if (csc == NULL) { if (csc == NULL) {
ERR_print_errors(bio_err); printf("error %s: X.509 store context allocation failed\n",
(file == NULL) ? "stdin" : file);
goto end; goto end;
} }
X509_STORE_set_flags(ctx, vflags); X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err); printf("error %s: X.509 store context initialization failed\n",
(file == NULL) ? "stdin" : file);
goto end; goto end;
} }
if (tchain) if (tchain)
@ -281,32 +282,34 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_CTX_set0_crls(csc, crls); X509_STORE_CTX_set0_crls(csc, crls);
i = X509_verify_cert(csc); i = X509_verify_cert(csc);
if (i > 0) { if (i > 0) {
printf("OK\n"); printf("%s: OK\n", (file == NULL) ? "stdin" : file);
ret = 1; ret = 1;
if (show_chain) { if (show_chain) {
int j; int j;
chain = X509_STORE_CTX_get1_chain(csc); chain = X509_STORE_CTX_get1_chain(csc);
num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
printf("Chain:\n"); printf("Chain:\n");
for (j = 0; j < sk_X509_num(chain); j++) { for (j = 0; j < sk_X509_num(chain); j++) {
X509 *cert = sk_X509_value(chain, j); X509 *cert = sk_X509_value(chain, j);
printf("depth=%d: ", j); printf("depth=%d: ", j);
X509_NAME_print_ex_fp(stdout, X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(cert), X509_get_subject_name(cert),
0, XN_FLAG_ONELINE); 0, XN_FLAG_ONELINE);
if (j < num_untrusted) if (j < num_untrusted)
printf(" (untrusted)"); printf(" (untrusted)");
printf("\n"); printf("\n");
} }
sk_X509_pop_free(chain, X509_free); sk_X509_pop_free(chain, X509_free);
} }
} else {
printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
} }
X509_STORE_CTX_free(csc); X509_STORE_CTX_free(csc);
end: end:
if (i <= 0) if (i <= 0)
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
X509_free(x); X509_free(x);
return ret; return ret;
@ -324,8 +327,8 @@ static int cb(int ok, X509_STORE_CTX *ctx)
0, XN_FLAG_ONELINE); 0, XN_FLAG_ONELINE);
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
} }
BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n", BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
cert_error, cert_error,
X509_STORE_CTX_get_error_depth(ctx), X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error)); X509_verify_cert_error_string(cert_error));