Re: add error check to ocsp_test.c

[Bob Beck]

it's a regress test. it's ok to be a bit fugly. brent you have my ok
to commit it, and while you're at it modify it to just wrap
it in an appropriate #define #ifdef for the path so it's even easier
for portable.

On Thu, Jul 7, 2016 at 7:17 AM, Brent Cook  wrote:
> sure, this makes it easier to patch in the right path in portable as well
>
> On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
> kinichiro.inogu...@gmail.com> wrote:
>
>> Hi,
>>
>> I would like to add error check for CAfile loading
>> since some OS doesn't have /etc/ssl/cert.pem.
>>
>> Best regards,
>> Kinichiro Inoguchi
>>

Re: add error check to ocsp_test.c

[Brent Cook]

sure, this makes it easier to patch in the right path in portable as well

On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:

> Hi,
>
> I would like to add error check for CAfile loading
> since some OS doesn't have /etc/ssl/cert.pem.
>
> Best regards,
> Kinichiro Inoguchi
>

add error check to ocsp_test.c

[Kinichiro Inoguchi]

Hi,

I would like to add error check for CAfile loading
since some OS doesn't have /etc/ssl/cert.pem.

Best regards,
Kinichiro Inoguchi
diff --git src/regress/lib/libcrypto/ocsp/ocsp_test.c 
src/regress/lib/libcrypto/ocsp/ocsp_test.c
index 8867536..31594fa 100644
--- src/regress/lib/libcrypto/ocsp/ocsp_test.c
+++ src/regress/lib/libcrypto/ocsp/ocsp_test.c
@@ -47,6 +47,7 @@ int main(int argc, char *argv[]) {
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
char *host, *port;
+   char *cafile = "/etc/ssl/cert.pem";
 
SSL *ssl;
SSL_CTX *ctx;
@@ -56,7 +57,10 @@ int main(int argc, char *argv[]) {
 
ctx = SSL_CTX_new(SSLv23_client_method());
 
-   SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL);
+   if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) {
+   printf("failed to load %s\n", cafile);
+   exit(-1);
+   }
 
if (argc != 3)
errx(-1, "need a host and port to connect to");