Hello,
It seems me logic verification logic for X.509 certificates is changed
in a minor release.
$ cd <BUILDDIR>/test
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl verify certCA.ss; echo $?
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
OK
0
$ ../util/opensslwrap.sh version
OpenSSL 1.0.2-beta2-dev xx XXX xxxx
$ ../util/opensslwrap.sh verify certCA.ss; echo $?
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 20 at 0 depth lookup:unable to get local issuer certificate
2
===
There is extra error with code 20. This may break external applications
with custom verification callback.
For historic reasons exit code of openssl verify command is not used and
to me this is not so important.
Regards,
Roumen Petrov
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
