Re: add error check to ocsp_test.c
it's a regress test. it's ok to be a bit fugly. brent you have my ok to commit it, and while you're at it modify it to just wrap it in an appropriate #define #ifdef for the path so it's even easier for portable. On Thu, Jul 7, 2016 at 7:17 AM, Brent Cookwrote: > sure, this makes it easier to patch in the right path in portable as well > > On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi < > kinichiro.inogu...@gmail.com> wrote: > >> Hi, >> >> I would like to add error check for CAfile loading >> since some OS doesn't have /etc/ssl/cert.pem. >> >> Best regards, >> Kinichiro Inoguchi >>
Re: add error check to ocsp_test.c
sure, this makes it easier to patch in the right path in portable as well On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi < kinichiro.inogu...@gmail.com> wrote: > Hi, > > I would like to add error check for CAfile loading > since some OS doesn't have /etc/ssl/cert.pem. > > Best regards, > Kinichiro Inoguchi >
add error check to ocsp_test.c
Hi, I would like to add error check for CAfile loading since some OS doesn't have /etc/ssl/cert.pem. Best regards, Kinichiro Inoguchi diff --git src/regress/lib/libcrypto/ocsp/ocsp_test.c src/regress/lib/libcrypto/ocsp/ocsp_test.c index 8867536..31594fa 100644 --- src/regress/lib/libcrypto/ocsp/ocsp_test.c +++ src/regress/lib/libcrypto/ocsp/ocsp_test.c @@ -47,6 +47,7 @@ int main(int argc, char *argv[]) { X509_STORE *st = NULL; STACK_OF(X509) *ch = NULL; char *host, *port; + char *cafile = "/etc/ssl/cert.pem"; SSL *ssl; SSL_CTX *ctx; @@ -56,7 +57,10 @@ int main(int argc, char *argv[]) { ctx = SSL_CTX_new(SSLv23_client_method()); - SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL); + if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) { + printf("failed to load %s\n", cafile); + exit(-1); + } if (argc != 3) errx(-1, "need a host and port to connect to");