1.0.2beta2 and X.509 certificate verification

2014-03-03 Thread Roumen Petrov

Hello,
It seems to me that the verification logic for X.509 certificates has changed 
in a minor release.


$ cd BUILDDIR/test

$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl verify certCA.ss; echo $?
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
OK
0

$ ../util/opensslwrap.sh version
OpenSSL 1.0.2-beta2-dev xx XXX 
$ ../util/opensslwrap.sh verify certCA.ss; echo $?
certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 20 at 0 depth lookup:unable to get local issuer certificate
2
===

There is an extra error with code 20. This may break external applications 
with a custom verification callback.


For historical reasons the exit code of the openssl verify command is not used, 
and to me this is not so important.



Regards,
Roumen Petrov

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: 1.0.2beta2 and X.509 certificate verification

2014-03-03 Thread Dr. Stephen Henson
On Mon, Mar 03, 2014, Roumen Petrov wrote:

> Hello,
> It seems to me that the verification logic for X.509 certificates has
> changed in a minor release.
>
> $ cd BUILDDIR/test
>
> $ openssl version
> OpenSSL 1.0.1f 6 Jan 2014
> $ openssl verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> OK
> 0
>
> $ ../util/opensslwrap.sh version
> OpenSSL 1.0.2-beta2-dev xx XXX 
> $ ../util/opensslwrap.sh verify certCA.ss; echo $?
> certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 18 at 0 depth lookup:self signed certificate
> C = AU, O = Dodgy Brothers, CN = Dodgy CA
> error 20 at 0 depth lookup:unable to get local issuer certificate
> 2
> ===
>
> There is an extra error with code 20. This may break external
> applications with a custom verification callback.
>
> For historical reasons the exit code of the openssl verify command is not
> used, and to me this is not so important.
>

Should be fixed now, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
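
Added example (not part of either message and not OpenSSL code): a Python model of the concern raised in the report, replaying the two `openssl verify` transcripts through a verification callback that overrides only error 18 at depth 0. The callback, its `(ok, code, depth)` signature and all function names are hypothetical; only the transcripts and the error numbers come from the thread.

```python
import re

# `openssl verify certCA.ss` output, copied from the report in this thread.
OUT_101F = """certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
OK
"""
OUT_102BETA2 = """certCA.ss: C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 18 at 0 depth lookup:self signed certificate
C = AU, O = Dodgy Brothers, CN = Dodgy CA
error 20 at 0 depth lookup:unable to get local issuer certificate
"""
ERROR_LINE = re.compile(r"^error (\d+) at (\d+) depth lookup:(.*)$")
SELF_SIGNED_AT_DEPTH_0 = 18  # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT

def parse_errors(output):
    """Return [(code, depth, message), ...] in the order reported."""
    events = []
    for line in output.splitlines():
        m = ERROR_LINE.match(line.strip())
        if m:
            events.append((int(m.group(1)), int(m.group(2)), m.group(3).strip()))
    return events

def tolerant_cb(ok, code, depth):
    """Hypothetical application callback: override only error 18 at depth 0."""
    if ok:
        return 1
    return 1 if (code == SELF_SIGNED_AT_DEPTH_0 and depth == 0) else 0

def replay(events, callback):
    """Pass each error to the callback with ok=0; stop at the first veto."""
    for code, depth, message in events:
        if not callback(0, code, depth):
            return False, (code, depth, message)
    return True, None

def new_error_codes(old_output, new_output):
    """Error codes present in the newer output but not the older one."""
    old = {e[0] for e in parse_errors(old_output)}
    return sorted({e[0] for e in parse_errors(new_output)} - old)

if __name__ == "__main__":
    print("1.0.1f:", replay(parse_errors(OUT_101F), tolerant_cb))
    print("1.0.2-beta2-dev:", replay(parse_errors(OUT_102BETA2), tolerant_cb))
    print("new codes:", new_error_codes(OUT_101F, OUT_102BETA2))
```

Running `new_error_codes` over verify output captured from two builds in a test suite flags this kind of change in reported errors before an application callback meets it in production.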