Hello,

In case the openssl verify command is not able to process an input file, it 
reports the usage even if the usage is perfectly okay:

$ openssl verify -CAfile /local/Saved/SMI_SSL_CA-chain.pem cert.cer
Error loading file /local/Saved/SMI_SSL_CA-chain.pem
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
        sslclient       SSL client
        sslserver       SSL server
        nssslserver     Netscape SSL server
        smimesign       S/MIME signing
        smimeencrypt    S/MIME encryption
        crlsign         CRL signing
        any             Any Purpose
        ocsphelper      OCSP helper
$


This is because of the following code in verify.c:


        if (CAfile) {
                i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
                if(!i) {
                        BIO_printf(bio_err, "Error loading file %s\n", CAfile);
                        ERR_print_errors(bio_err);
                        goto end;
                }

The goto jumps to the code which prints the usage. Similarly for other 
input files.

Also, it does not report what went wrong with the input file.


v.
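
Added example, not part of the original message and not OpenSSL source: a self-contained C model of the control flow reported above, showing the shared error/usage exit beside a separated one that also reports why the file could not be opened. The names run_verify, RC_* and USAGE are hypothetical, and plain fopen stands in for the certificate loader.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum { RC_OK = 0, RC_USAGE = 1, RC_LOAD_FAILED = 2 };
static const char USAGE[] = "usage: verify [-CAfile file] cert1 cert2 ...\n";

/* Writes diagnostics into out (n must be > 0) and returns an RC_* code.
   share_label != 0 reproduces the reported jump: a load failure lands on
   the same label that prints the usage text. */
int run_verify(const char *cafile, int share_label, char *out, size_t n)
{
    int rc = RC_USAGE;          /* default result if we end up at "usage" */
    size_t len = 0;
    FILE *fp;

    out[0] = '\0';
    if (cafile == NULL)
        goto usage;             /* genuinely bad command line */

    fp = fopen(cafile, "r");
    if (fp == NULL) {
        /* Say why the load failed, not only that it failed. */
        int w = snprintf(out, n, "Error loading file %s: %s\n",
                         cafile, strerror(errno));
        len = (w < 0) ? 0 : ((size_t)w >= n ? n - 1 : (size_t)w);
        if (share_label)
            goto usage;         /* reported flow: load error ends in usage */
        rc = RC_LOAD_FAILED;
        goto end;               /* separated flow: skip the usage text */
    }
    fclose(fp);
    rc = RC_OK;
    goto end;

usage:
    snprintf(out + len, n - len, "%s", USAGE);
end:
    return rc;
}
```

With a distinct return code for load failures, a calling script can tell a bad command line from an unreadable CA file without parsing the output.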

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
