Show errors on CSR verification failure.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:31:57 +0000 (13:31 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:35:01 +0000 (13:35 +0100)
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)

apps/ca.c

index 3f628900d23c05fff7a8e8e9aaf60491e052e05a..5fa5b6b2c12010e4c954de1697f258c35012eb9a 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1599,12 +1599,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        else