On Sun, Oct 14, 2018 at 8:32 AM Jim Jagielski <j...@jagunet.com> wrote:
> All we are checking is the error code. Nothing else. > > % openssl version > OpenSSL 1.0.2p 14 Aug 2018 > % openssl ocsp 2>/dev/null > % print $? > 1 > % openssl foo 2>/dev/null > % print $? > 0 > > With 1.1.1, both return 1, but so what, we know that it has oscp. > $ openssl ocsp >/dev/null ocsp: Use -help for summary.[wrowe@hub test-httpd]$ echo $? $ echo $? 1 $ openssl xyz >/dev/null Invalid command 'xyz'; type "help" for a list. $ echo $? 1 $ openssl version OpenSSL 1.1.0i-fips 14 Aug 2018 This doesn't tell us whether ocsp is compiled in. I have no idea which bastardization of the openssl command line tool you are using which returns success for bad verbs. Complaining about /dev/null : orig code had this. Why was that OK? > Never suggested it was OK. Asking about finding potential *solutions* instead of throwing more darts at the wall. Why the emotive tone to a technical discussion?