In order to get the expected self signed error when

calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

diff --git a/apps/x509.c b/apps/x509.c
index d20cf15267fa3e7eabdbbbcab2ab1acec05dd7ed..3db51121302746e6011cb5c6317c926aed4544b5 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1063,7 +1063,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        BIO_free(io);
        io=NULL;
        
-       if (!X509_STORE_add_cert(ctx,x)) goto end;
+       /*if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */