authorDr. Stephen Henson <steve@openssl.org>1999-11-17 01:20:29 +0000
committerDr. Stephen Henson <steve@openssl.org>1999-11-17 01:20:29 +0000
commitf76d8c47470094a5cb14e937ef3c30db1d97389b (patch)
treec88fc0c45f79f9fcdd7a28009a21827b2a056800 /apps/verify.c
parentb1fe6ca175bdbb51a064c1e5519b21d80804e7c6 (diff)
Modify verify code to handle self signed certificates.
Diffstat (limited to 'apps/verify.c')
-rw-r--r--apps/verify.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/apps/verify.c b/apps/verify.c
index 093fe09f2c..840fda9561 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -206,21 +206,18 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (!ok)
{
- /* since we are just checking the certificates, it is
- * ok if they are self signed. */
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
- ok=1;
- else
- {
- X509_NAME_oneline(
+ X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,256);
- printf("%s\n",buf);
- printf("error %d at %d depth lookup:%s\n",ctx->error,
- ctx->error_depth,
- X509_verify_cert_error_string(ctx->error));
- if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
- ok=1;
- }
+ printf("%s\n",buf);
+ printf("error %d at %d depth lookup:%s\n",ctx->error,
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
+ /* since we are just checking the certificates, it is
+ * ok if they are self signed. But we should still warn
+ * the user.
+ */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
}
if (!v_verbose)
ERR_clear_error();
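Review bot: The two overrides at the end of the `if (!ok)` block, `if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;` and `if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;`, still turn a failed check into a success return from the callback, so an expired or untrusted self-signed certificate is only reported through the printf lines. How the caller reports the final result is outside the hunk, but if it relies on the verification return value, anything that checks that result rather than reading the output will treat such a certificate as verified. I would either leave `ok` at 0 for these two errors or make the override an explicit opt-in, and at minimum extend the comment to say so: `/* returning 1 lets verification continue and succeed; the message above is the only sign the certificate is untrusted or expired */`. The literal `256` passed to X509_NAME_oneline would also be safer as `sizeof buf`, assuming buf is an array declared earlier in cb, which is not visible here.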