On Thu, Jul 15, 2004 at 03:46:52PM +0200, Michael Konietzka via RT wrote: > BUG: apps/crl.c always returns an error when using noout-option. > Version: 0.9.7c, 0.9.7d, maybe more. > OS: Linux, but bug is OS-independent > > When using the crl-command within the openssl-application the > crl-command alwas returns with a ret-value!=0 when using "noout"-option which > apps/openssl.c analyze as an "error in crl" though the crl-command didn't failed. > > > [EMAIL PROTECTED] 006 $ openssl crl -out > > /usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in > > /usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp > > -text -noout -inform PEM > > [EMAIL PROTECTED] 006 $ > > [EMAIL PROTECTED] 006 $ openssl > > OpenSSL> crl -out > > /usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in > > /usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp > > -text -noout -inform PEM > > error in crl
A co-worker of mine discovered the problem as well: |> This makes some scripting a bit difficult: |> |> * openssl crl ... -noout -text returns 1 on success (!!!) |> * openssl crl ... -text returns 0 on success |> * openssl crl ... -outform DER|PEM liefert 0 on success |> |> Attached you'll find a short patch, which fixes this behaviour. As the |> subfunction always returns 1, it would also be possible to always return 0, but |> maybe the subfunction will change some time. I've attached his patch. Peter -- Thought is limitation. Free your mind.
diff -Nur openssl-0.9.7d.orig/apps/crl.c openssl-0.9.7d/apps/crl.c --- openssl-0.9.7d.orig/apps/crl.c 2004-07-20 11:13:28.428102578 +0200 +++ openssl-0.9.7d/apps/crl.c 2004-07-20 12:30:43.729848489 +0200 @@ -353,7 +353,13 @@ } } - if (text) X509_CRL_print(out, x); + if (text) { + ret=X509_CRL_print(out, x); + /* stupid hack for stupid functions + * X509_CRL_print seems to always return 1*/ + if(ret == 1) + ret=0; + } if (noout) goto end;
pgp191g24i9tX.pgp
Description: PGP signature