diff options
author | Nils Larsch <nils@openssl.org> | 2006-12-27 09:40:52 +0000 |
---|---|---|
committer | Nils Larsch <nils@openssl.org> | 2006-12-27 09:40:52 +0000 |
commit | 123b23fa95bb36ba50de2bba5ab1157ca1870d9e (patch) | |
tree | 7ee3381a172b11e1649f8379b31ff09a28e3e257 /apps | |
parent | 423a5d54a101a8fd5c1e77b76102c3820c6f3b69 (diff) |
fix return value of get_cert_chain()
PR: 1441
Diffstat (limited to 'apps')
-rw-r--r-- | apps/pkcs12.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index abd043d801..a482a2b7f2 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -528,8 +528,11 @@ int MAIN(int argc, char **argv) X509_free(sk_X509_value(chain2, 0)); sk_X509_free(chain2); } else { - BIO_printf (bio_err, "Error %s getting chain.\n", + if (vret >= 0) + BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); + else + ERR_print_errors(bio_err); goto export_end; } } @@ -813,7 +816,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) { X509_STORE_CTX store_ctx; STACK_OF(X509) *chn; - int i; + int i = 0; /* FIXME: Should really check the return status of X509_STORE_CTX_init * for an error, but how that fits into the return value of this @@ -821,14 +824,17 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) X509_STORE_CTX_init(&store_ctx, store, cert, NULL); if (X509_verify_cert(&store_ctx) <= 0) { i = X509_STORE_CTX_get_error (&store_ctx); + if (i == 0) + /* avoid returning 0 if X509_verify_cert() did not + * set an appropriate error value in the context */ + i = -1; + chn = NULL; goto err; - } - chn = X509_STORE_CTX_get1_chain(&store_ctx); - i = 0; - *chain = chn; + } else + chn = X509_STORE_CTX_get1_chain(&store_ctx); err: X509_STORE_CTX_cleanup(&store_ctx); - *chain = NULL; + *chain = chn; return i; } |