diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-13 17:08:03 -0500 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-13 17:55:17 -0500 |
| commit | d9e309a675900030d7308e36f614962a344816f9 (patch) | |
| tree | 103a93ac505de744b4174c7b062b846bb81a3d1c /apps/verify.c | |
| parent | 126d686400b832a712fbcee2308b317e35e759bb (diff) | |
| download | openssl-new-d9e309a675900030d7308e36f614962a344816f9.tar.gz | |
Fix verify(1) to report failure when verification fails
Regenerated expired test certificates, good for the next 100 years.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'apps/verify.c')
| -rw-r--r-- | apps/verify.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/verify.c b/apps/verify.c index dae5ba8455..16b25c9ef0 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -281,7 +281,7 @@ static int check(X509_STORE *ctx, char *file, if (crls) X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); - if (i > 0) { + if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { printf("%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; if (show_chain) { |