From 9c73e48a081278f18f3203efca980ddfa873e71f Mon Sep 17 00:00:00 2001 From: David von Oheimb Date: Thu, 14 Dec 2017 11:10:33 +0100 Subject: [PATCH] Minor cleanup of error output for various apps Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/4930) --- apps/ca.c | 38 +++++++++++--------------------------- apps/pkcs12.c | 4 +++- apps/s_server.c | 3 ++- 3 files changed, 16 insertions(+), 29 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index a9f4de8bc1..0f21b4fa1c 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -517,10 +517,8 @@ end_of_options: BIO_free(oid_bio); } } - if (!add_oid_section(conf)) { - ERR_print_errors(bio_err); + if (!add_oid_section(conf)) goto end; - } app_RAND_load_conf(conf, BASE_SECTION); @@ -1347,38 +1345,32 @@ static int certify(X509 **xret, const char *infile, int informat, req = load_csr(infile, informat, "certificate request"); if (req == NULL) goto end; + if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { + BIO_printf(bio_err, "Error unpacking public key\n"); + goto end; + } if (verbose) X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT); BIO_printf(bio_err, "Check that the request matches the signature\n"); + ok = 0; if (selfsign && !X509_REQ_check_private_key(req, pkey)) { BIO_printf(bio_err, "Certificate request and CA private key do not match\n"); - ok = 0; - goto end; - } - if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { - BIO_printf(bio_err, "error unpacking public key\n"); goto end; } i = do_X509_REQ_verify(req, pktmp, vfyopts); - pktmp = NULL; if (i < 0) { - ok = 0; - BIO_printf(bio_err, "Signature verification problems....\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Signature verification problems...\n"); goto end; } if (i == 0) { - ok = 0; BIO_printf(bio_err, "Signature did not match the certificate request\n"); - ERR_print_errors(bio_err); goto end; - } else { - BIO_printf(bio_err, "Signature ok\n"); } + BIO_printf(bio_err, "Signature ok\n"); ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, @@ -1386,6 +1378,7 @@ static int certify(X509 **xret, const char *infile, int informat, ext_copy, selfsign); end: + ERR_print_errors(bio_err); X509_REQ_free(req); return ok; } @@ -1478,10 +1471,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (subj) { X509_NAME *n = parse_name(subj, chtype, multirdn, "subject"); - if (!n) { - ERR_print_errors(bio_err); + if (!n) goto end; - } X509_REQ_set_subject_name(req, n); X509_NAME_free(n); } @@ -1719,7 +1710,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); - ERR_print_errors(bio_err); goto end; } if (verbose) @@ -1733,7 +1723,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); - ERR_print_errors(bio_err); goto end; } @@ -1747,7 +1736,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (!copy_extensions(ret, req, ext_copy)) { BIO_printf(bio_err, "ERROR: adding extensions from request\n"); - ERR_print_errors(bio_err); goto end; } @@ -2005,7 +1993,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, parms = CONF_load(NULL, infile, &errline); if (parms == NULL) { BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile); - ERR_print_errors(bio_err); goto end; } @@ -2023,10 +2010,8 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, * and we can use the same code as if you had a real X509 request. */ req = X509_REQ_new(); - if (req == NULL) { - ERR_print_errors(bio_err); + if (req == NULL) goto end; - } /* * Build up the subject name set. @@ -2057,7 +2042,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, if (spki == NULL) { BIO_printf(bio_err, "unable to load Netscape SPKAC structure\n"); - ERR_print_errors(bio_err); goto end; } } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1432d2b930..2c4e11a410 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -596,7 +596,8 @@ int pkcs12_main(int argc, char **argv) key_pbe, cert_pbe, iter, -1, keytype); if (p12 == NULL) { - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n", + outfile); goto export_end; } @@ -625,6 +626,7 @@ int pkcs12_main(int argc, char **argv) sk_X509_pop_free(untrusted_certs, X509_free); X509_free(ee_cert); + ERR_print_errors(bio_err); goto end; } diff --git a/apps/s_server.c b/apps/s_server.c index 1e4bb4f639..24dffeab01 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -827,7 +827,8 @@ const OPTIONS s_server_options[] = { "Second private key file to use (usually for DSA)"}, {"dkeyform", OPT_DKEYFORM, 'F', "Second key file format (ENGINE, other values ignored)"}, - {"dpass", OPT_DPASS, 's', "Second private key and cert file pass phrase source"}, + {"dpass", OPT_DPASS, 's', + "Second private key and cert file pass phrase source"}, {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, -- 2.39.2