Can't use -trusted with -CA{path,file}

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Rich Salz <rsalz@akamai.com> 2015-07-09 14:54:13 -0400
committer: Rich Salz <rsalz@openssl.org> 2015-07-14 07:46:20 -0400
commit: 5b89036c41a009a76cd0e1595dde5001ae157972 (patch)
tree: adf1d29e8b504cc62a6cf17c9c28216ca7af9ea9 /apps/verify.c
parent: e5c0bc6cc49a23b50a272801c4bd53639c25fca4 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/apps/verify.c b/apps/verify.c
index a823d58a75..7fcd32a404 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -88,7 +88,7 @@ OPTIONS verify_options[] = {
     {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
     {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
     {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
-    {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"},
+    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
     {"CRLfile", OPT_CRLFILE, '<',
         "File containing one or more CRL's (in PEM format) to load"},
     {"crl_download", OPT_CRL_DOWNLOAD, '-',
@@ -180,6 +180,12 @@ int verify_main(int argc, char **argv)
     }
     argc = opt_num_rest();
     argv = opt_rest();
+    if (trustfile && (CAfile || CApath)) {
+        BIO_printf(bio_err,
+                   "%s: Cannot use -trusted with -CAfile or -CApath\n",
+                   prog);
+        goto end;
+    }
 
     if (!app_load_modules(NULL))
         goto end;
author	Rich Salz <rsalz@akamai.com>	2015-07-09 14:54:13 -0400
committer	Rich Salz <rsalz@openssl.org>	2015-07-14 07:46:20 -0400
commit	5b89036c41a009a76cd0e1595dde5001ae157972 (patch)
tree	adf1d29e8b504cc62a6cf17c9c28216ca7af9ea9 /apps/verify.c
parent	e5c0bc6cc49a23b50a272801c4bd53639c25fca4 (diff)