Show errors on CSR verification failure.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:31:57 +0000 (13:31 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 29 Jun 2014 12:34:44 +0000 (13:34 +0100)
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)

apps/ca.c

index cf7c04482a249434e636f7370b3cf79640f3102c..9c25026ac0b20a26cc3e6976a211353bd800464d 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                {
                ok=0;
                BIO_printf(bio_err,"Signature verification problems....\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        if (i == 0)
                {
                ok=0;
                BIO_printf(bio_err,"Signature did not match the certificate request\n");
+               ERR_print_errors(bio_err);
                goto err;
                }
        else