[openssl-users] openssl verify reporting errors where there are none
Graham Leggett
minfrin at sharp.fm
Tue May 3 12:25:01 UTC 2016
Hi all,
I am trying to use “openssl verify” as a sanity check to determine whether a set of certificates are sane and valid in a script that issues (or reissues) the certificates, and I’m struggling with the output of the “openssl verify” command.
This is output I get while verifying three certificates in a chain:
minfrin at localhost:~$ openssl verify -issuer_checks -trusted root-ca.crt -untrusted intermediate.crt cert.crt
cert.crt: [stuff]
error 29 at 0 depth lookup:subject issuer mismatch
[stuff]
error 29 at 0 depth lookup:subject issuer mismatch
[stuff]
error 29 at 0 depth lookup:subject issuer mismatch
[stuff]
error 29 at 0 depth lookup:subject issuer mismatch
OK
In theory the command just told me everything is ok. In practise, that command told the person running the script that 4 separate errors are present, which obviously in this case is not the case.
Is there a way to suppress these spurious messages so I only see actual errors?
Regards,
Graham
—
More information about the openssl-users
mailing list