mirror of https://github.com/openssl/openssl
apps/req,crl: exit with 1 on verification failure
Fixes #23771 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23773)
parent
a4cbffcd89
commit
6af739b79b
|
@ -28,6 +28,11 @@ OpenSSL 3.3
|
||||||
|
|
||||||
### Changes between 3.2 and 3.3 [xx XXX xxxx]
|
### Changes between 3.2 and 3.3 [xx XXX xxxx]
|
||||||
|
|
||||||
|
* The `-verify` option to the `openssl crl` and `openssl req` will make
|
||||||
|
the program exit with 1 on failure.
|
||||||
|
|
||||||
|
*Vladimír Kotal*
|
||||||
|
|
||||||
* The BIO_get_new_index() function can only be called 127 times before it
|
* The BIO_get_new_index() function can only be called 127 times before it
|
||||||
reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
|
reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
|
||||||
error of -1 once it is exhausted. Users may need to reserve using this
|
error of -1 once it is exhausted. Users may need to reserve using this
|
||||||
|
|
|
@ -248,9 +248,10 @@ int crl_main(int argc, char **argv)
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
goto end;
|
goto end;
|
||||||
if (i == 0)
|
if (i == 0) {
|
||||||
BIO_printf(bio_err, "verify failure\n");
|
BIO_printf(bio_err, "verify failure\n");
|
||||||
else
|
goto end;
|
||||||
|
} else
|
||||||
BIO_printf(bio_err, "verify OK\n");
|
BIO_printf(bio_err, "verify OK\n");
|
||||||
}
|
}
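Review bot: In this `crl_main` block the `i == 0` branch is now braced and ends in `goto end;`, but the trailing `} else` keeps an unbraced body, so the two branches are braced differently. Since the failure branch already jumps away, the `else` can be dropped and `BIO_printf(bio_err, "verify OK\n");` placed directly after the closing brace, or both branches can be braced. The `req_main` hunk has the same shape at `} else /* i > 0 */`. Separately, the `if (i < 0) goto end;` path prints nothing in the visible lines, so a verification error and a bad signature may be indistinguishable on stderr unless the code at `end`, which lies outside this hunk, reports the error queue.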
|
||||||
|
|
||||||
|
|
|
@ -918,9 +918,10 @@ int req_main(int argc, char **argv)
|
||||||
|
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
goto end;
|
goto end;
|
||||||
if (i == 0)
|
if (i == 0) {
|
||||||
BIO_printf(bio_err, "Certificate request self-signature verify failure\n");
|
BIO_printf(bio_err, "Certificate request self-signature verify failure\n");
|
||||||
else /* i > 0 */
|
goto end;
|
||||||
|
} else /* i > 0 */
|
||||||
BIO_printf(bio_out, "Certificate request self-signature verify OK\n");
|
BIO_printf(bio_out, "Certificate request self-signature verify OK\n");
|
||||||
}
|
}
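Review bot: The success message in this `req_main` block is written to `bio_out` while the failure message goes to `bio_err`, whereas the `crl_main` hunk writes both results to `bio_err`. If the split is intentional it deserves a short comment next to the success branch, for example `/* success text goes to stdout; callers should test the exit status, not this message */`. The new `goto end;` also depends on the function's return value still holding its failure default at that point, which is set outside this hunk and is worth confirming.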
|
||||||
|
|
||||||
|
|
|
@ -93,7 +93,9 @@ Print out the CRL in text form.
|
||||||
|
|
||||||
=item B<-verify>
|
=item B<-verify>
|
||||||
|
|
||||||
Verify the signature in the CRL.
|
Verify the signature in the CRL. If the verification fails,
|
||||||
|
the program will immediately exit, i.e. further option processing
|
||||||
|
(e.g. B<-gendelta>) is skipped.
|
||||||
|
|
||||||
=item B<-noout>
|
=item B<-noout>
|
||||||
|
|
||||||
|
|
|
@ -148,7 +148,9 @@ Prints out the value of the modulus of the public key contained in the request.
|
||||||
|
|
||||||
=item B<-verify>
|
=item B<-verify>
|
||||||
|
|
||||||
Verifies the self-signature on the request.
|
Verifies the self-signature on the request. If the verification fails,
|
||||||
|
the program will immediately exit, i.e. further option processing
|
||||||
|
(e.g. B<-text>) is skipped.
|
||||||
|
|
||||||
=item B<-new>
|
=item B<-new>
|
||||||
|
|
||||||
|
|