On Mon, Mar 03, 2014, Roumen Petrov wrote:
> Hello,
> It seems me logic verification logic for X.509 certificates is
> changed in a minor release.
>
> $ cd /test
>
> $ openssl version
> OpenSSL 1.0.1f 6 Jan 2014
> $ openssl verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> OK
> 0
>
> $ ../util/opensslwrap.sh version
> OpenSSL 1.0.2-beta2-dev xx XXX
> $ ../util/opensslwrap.sh verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 20 at 0 depth lookup:unable to get local issuer certificate
> 2
> ===
>
> There is extra error with code 20. This may break external
> applications with custom verification callback.
>
> For historic reasons exit code of openssl verify command is not used
> and to me this is not so important.
>
Should be fixed now, thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org