From 63c6aa6b9311d2834cbfea2b6311d44be9075dd0 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 1 Jan 2016 18:45:29 -0500 Subject: [PATCH] Cleanup of verify(1) failure output Reviewed-by: Richard Levitte --- apps/verify.c | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index bd4ed05065..dae5ba8455 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -263,16 +263,17 @@ static int check(X509_STORE *ctx, char *file, x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); if (x == NULL) goto end; - printf("%s: ", (file == NULL) ? "stdin" : file); csc = X509_STORE_CTX_new(); if (csc == NULL) { - ERR_print_errors(bio_err); + printf("error %s: X.509 store context allocation failed\n", + (file == NULL) ? "stdin" : file); goto end; } X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { - ERR_print_errors(bio_err); + printf("error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain) @@ -281,32 +282,34 @@ static int check(X509_STORE *ctx, char *file, X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0) { - printf("OK\n"); + printf("%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; - if (show_chain) { - int j; + if (show_chain) { + int j; - chain = X509_STORE_CTX_get1_chain(csc); - num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); - printf("Chain:\n"); - for (j = 0; j < sk_X509_num(chain); j++) { - X509 *cert = sk_X509_value(chain, j); - printf("depth=%d: ", j); - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, XN_FLAG_ONELINE); - if (j < num_untrusted) - printf(" (untrusted)"); - printf("\n"); - } - sk_X509_pop_free(chain, X509_free); - } + chain = X509_STORE_CTX_get1_chain(csc); + num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); + printf("Chain:\n"); + for (j = 0; j < sk_X509_num(chain); j++) { + X509 *cert = sk_X509_value(chain, j); + printf("depth=%d: ", j); + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(cert), + 0, XN_FLAG_ONELINE); + if (j < num_untrusted) + printf(" (untrusted)"); + printf("\n"); + } + sk_X509_pop_free(chain, X509_free); + } + } else { + printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); end: if (i <= 0) - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); X509_free(x); return ret; @@ -324,8 +327,8 @@ static int cb(int ok, X509_STORE_CTX *ctx) 0, XN_FLAG_ONELINE); BIO_printf(bio_err, "\n"); } - BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n", - X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", + BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n", + X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "", cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); -- 2.40.0