On Mon, Mar 03, 2014, Roumen Petrov wrote:

> Hello,
> It seems to me the verification logic for X.509 certificates is
> changed in a minor release.
>
> $ cd <BUILDDIR>/test
>
> $ openssl version
> OpenSSL 1.0.1f 6 Jan 2014
> $ openssl verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> OK
> 0
>
> $ ../util/opensslwrap.sh version
> OpenSSL 1.0.2-beta2-dev xx XXX xxxx
> $ ../util/opensslwrap.sh verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 20 at 0 depth lookup:unable to get local issuer certificate
> 2
> ===
>
> There is an extra error with code 20. This may break external
> applications with a custom verification callback.
>
> For historic reasons the exit code of the openssl verify command is not used
> and to me this is not so important.
>

Should be fixed now, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
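
The difference reported in this thread, replayed as an added example that is not part of the original messages or of OpenSSL: it parses the two `openssl verify` outputs quoted above and runs them through a model of an application verify callback that tolerates only error 18. The function names and the callback model are assumptions made for illustration.

```python
import re

# Output lines copied from the report above (the `echo $?` result is left out).
OUT_101F = """\
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
OK
"""
OUT_102_BETA = """\
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 20 at 0 depth lookup:unable to get local issuer certificate
"""

# 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
# 20 = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
ERROR_LINE = re.compile(r"^error (\d+) at (\d+) depth lookup:(.*)$")


def parse_verify_errors(output):
    """Return [(code, depth, reason), ...] in the order the errors were reported."""
    events = []
    for line in output.splitlines():
        m = ERROR_LINE.match(line.strip())
        if m:
            events.append((int(m.group(1)), int(m.group(2)), m.group(3).strip()))
    return events


def replay_callback(events, tolerated_codes):
    """Hypothetical model of an application callback: each reported error is
    accepted only if its code is in tolerated_codes; the first other code
    fails verification. Returns (accepted, first_rejected_event_or_None)."""
    for event in events:
        if event[0] not in tolerated_codes:
            return False, event
    return True, None


def new_errors(baseline, candidate):
    """Errors in candidate whose (code, depth) pair never appears in baseline."""
    seen = {(code, depth) for code, depth, _ in baseline}
    return [e for e in candidate if (e[0], e[1]) not in seen]


if __name__ == "__main__":
    old, new = parse_verify_errors(OUT_101F), parse_verify_errors(OUT_102_BETA)
    print("1.0.1f accepted:", replay_callback(old, {18}))
    print("1.0.2-beta2-dev accepted:", replay_callback(new, {18}))
    print("errors added by the newer build:", new_errors(old, new))
```

A test suite can run the same comparison against captured output from two builds to flag a change in the reported error sequence before applications that depend on it are upgraded.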