From 63c6aa6b9311d2834cbfea2b6311d44be9075dd0 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 1 Jan 2016 18:45:29 -0500 Subject: Cleanup of verify(1) failure output Reviewed-by: Richard Levitte --- apps/verify.c | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) (limited to 'apps') diff --git a/apps/verify.c b/apps/verify.c index bd4ed05065..dae5ba8455 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -263,16 +263,17 @@ static int check(X509_STORE *ctx, char *file, x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); if (x == NULL) goto end; - printf("%s: ", (file == NULL) ? "stdin" : file); csc = X509_STORE_CTX_new(); if (csc == NULL) { - ERR_print_errors(bio_err); + printf("error %s: X.509 store context allocation failed\n", + (file == NULL) ? "stdin" : file); goto end; } X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { - ERR_print_errors(bio_err); + printf("error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain) 
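Review bot: The `X509_STORE_CTX_init` failure branch still jumps to `end` with `csc` allocated, and the `X509_STORE_CTX_free(csc)` call visible in the next hunk sits just above the `end:` label, so this path appears to leak the store context. Since the commit already rewrites this branch, add `X509_STORE_CTX_free(csc);` before its `goto end;`. Separately, the two new fixed messages replace `ERR_print_errors(bio_err)`, so the queued library errors are now printed only by the `if (i <= 0)` check at `end:`. The initial value of `i` is set outside the hunk, so confirm it is non-positive on these early exits, otherwise the underlying cause is dropped. The body of check() starts before this hunk and continues after it.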
@@ -281,32 +282,34 @@ static int check(X509_STORE *ctx, char *file, X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0) { - printf("OK\n"); + printf("%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; - if (show_chain) { - int j; + if (show_chain) { + int j; - chain = X509_STORE_CTX_get1_chain(csc); - num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); - printf("Chain:\n"); - for (j = 0; j < sk_X509_num(chain); j++) { - X509 *cert = sk_X509_value(chain, j); - printf("depth=%d: ", j); - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, XN_FLAG_ONELINE); - if (j < num_untrusted) - printf(" (untrusted)"); - printf("\n"); - } - sk_X509_pop_free(chain, X509_free); - } + chain = X509_STORE_CTX_get1_chain(csc); + num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); + printf("Chain:\n"); + for (j = 0; j < sk_X509_num(chain); j++) { + X509 *cert = sk_X509_value(chain, j); + printf("depth=%d: ", j); + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(cert), + 0, XN_FLAG_ONELINE); + if (j < num_untrusted) + printf(" (untrusted)"); + printf("\n"); + } + sk_X509_pop_free(chain, X509_free); + } + } else { + printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); end: if (i <= 0) - ERR_print_errors(bio_err); + ERR_print_errors(bio_err); X509_free(x); return ret; @@ -324,8 +327,8 @@ static int cb(int ok, X509_STORE_CTX *ctx) 0, XN_FLAG_ONELINE); BIO_printf(bio_err, "\n"); } - BIO_printf(bio_err, "%serror %d at %d depth lookup:%s\n", - X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", + BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n", + X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "", cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); -- cgit v1.2.3
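Review bot: The new `else` branch reports every `i <= 0` as "verification failed", but `X509_verify_cert` is documented to return a negative value in exceptional circumstances, which is different from a chain that was examined and rejected. Consider separating the two, for example `printf("error %s: verification %s\n", name, (i < 0) ? "could not be completed" : "failed");`, so an operator can tell an internal error from an untrusted certificate. The expression `(file == NULL) ? "stdin" : file` now appears four times in check(), twice in the previous hunk and twice here. A single local such as `const char *name = (file == NULL) ? "stdin" : file;` would keep the messages consistent, though the declarations of check() are outside the hunk. The status line goes to stdout while the per-error detail from the callback goes to `bio_err`, so it is worth documenting that wrappers should rely on the exit status rather than match this text.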