Show errors on CSR verification failure.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:31:57 +0000 (13:31 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:35:18 +0000 (13:35 +0100)
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)

apps/ca.c

index d6984ba8fdedcf051170d223840b9d95ec42bc99..45c3183b9b29f31d0d69417f969d75e882c316b3 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        else