X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fverify.c;h=ce0ad249f2c84879d5f9928b40988acbcf29ce4f;hb=4e7e623012e1604d985e2ef362c2957d464f3f01;hp=a823d58a75d648904aa6e1cd4f0de6033635e164;hpb=7f3f41d816bb80e362a5978420f59030b3132c81;p=oweals%2Fopenssl.git

diff --git a/apps/verify.c b/apps/verify.c
index a823d58a75..ce0ad249f2 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -88,7 +88,7 @@ OPTIONS verify_options[] = {
     {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
     {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
     {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
-    {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"},
+    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
     {"CRLfile", OPT_CRLFILE, '<',
         "File containing one or more CRL's (in PEM format) to load"},
     {"crl_download", OPT_CRL_DOWNLOAD, '-',
@@ -180,6 +180,12 @@ int verify_main(int argc, char **argv)
     }
     argc = opt_num_rest();
     argv = opt_rest();
+    if (trustfile && (CAfile || CApath)) {
+        BIO_printf(bio_err,
+                   "%s: Cannot use -trusted with -CAfile or -CApath\n",
+                   prog);
+        goto end;
+    }
 
     if (!app_load_modules(NULL))
         goto end;
@@ -266,37 +272,36 @@ static int check(X509_STORE *ctx, char *file,
     if (crls)
         X509_STORE_CTX_set0_crls(csc, crls);
     i = X509_verify_cert(csc);
-    if (i > 0 && show_chain) {
-        chain = X509_STORE_CTX_get1_chain(csc);
-        num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
-    }
-    X509_STORE_CTX_free(csc);
-
-    ret = 0;
- end:
     if (i > 0) {
         printf("OK\n");
         ret = 1;
-    } else
-        ERR_print_errors(bio_err);
-    if (chain) {
-        printf("Chain:\n");
-        for (i = 0; i < sk_X509_num(chain); i++) {
-            X509 *cert = sk_X509_value(chain, i);
-            printf("depth=%d: ", i);
-            X509_NAME_print_ex_fp(stdout,
-                                  X509_get_subject_name(cert),
-                                  0, XN_FLAG_ONELINE);
-            if (i < num_untrusted) {
-                printf(" (untrusted)");
-            }
-            printf("\n");
-        }
-        sk_X509_pop_free(chain, X509_free);
+	if (show_chain) {
+	    int j;
+
+	    chain = X509_STORE_CTX_get1_chain(csc);
+	    num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+	    printf("Chain:\n");
+	    for (j = 0; j < sk_X509_num(chain); j++) {
+		X509 *cert = sk_X509_value(chain, j);
+		printf("depth=%d: ", j);
+		X509_NAME_print_ex_fp(stdout,
+				      X509_get_subject_name(cert),
+				      0, XN_FLAG_ONELINE);
+		if (j < num_untrusted)
+		    printf(" (untrusted)");
+		printf("\n");
+	    }
+	    sk_X509_pop_free(chain, X509_free);
+	}
     }
+    X509_STORE_CTX_free(csc);
+
+ end:
+    if (i <= 0)
+	ERR_print_errors(bio_err);
     X509_free(x);
 
-    return (ret);
+    return ret;
 }
 
 static int cb(int ok, X509_STORE_CTX *ctx)