Minor cleanup of error output for various apps

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
2025-04-29 11:14:36 +00:00 · 2017-12-14 11:10:33 +01:00 · 2017-12-14 11:10:33 +01:00 · 9c73e48a08
commit 9c73e48a08
parent c1097eecdf
3 changed files with 16 additions and 29 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -517,10 +517,8 @@ end_of_options:
            BIO_free(oid_bio);
        }
    }
-    if (!add_oid_section(conf)) {
-        ERR_print_errors(bio_err);
+    if (!add_oid_section(conf))
        goto end;
-    }

    app_RAND_load_conf(conf, BASE_SECTION);

@ -1347,38 +1345,32 @@ static int certify(X509 **xret, const char *infile, int informat,
    req = load_csr(infile, informat, "certificate request");
    if (req == NULL)
        goto end;
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "Error unpacking public key\n");
+        goto end;
+    }
    if (verbose)
        X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);

    BIO_printf(bio_err, "Check that the request matches the signature\n");
+    ok = 0;

    if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
        BIO_printf(bio_err,
                   "Certificate request and CA private key do not match\n");
-        ok = 0;
-        goto end;
-    }
-    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
-        BIO_printf(bio_err, "error unpacking public key\n");
        goto end;
    }
    i = do_X509_REQ_verify(req, pktmp, vfyopts);
-    pktmp = NULL;
    if (i < 0) {
-        ok = 0;
-        BIO_printf(bio_err, "Signature verification problems....\n");
-        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "Signature verification problems...\n");
        goto end;
    }
    if (i == 0) {
-        ok = 0;
        BIO_printf(bio_err,
                   "Signature did not match the certificate request\n");
-        ERR_print_errors(bio_err);
        goto end;
-    } else {
-        BIO_printf(bio_err, "Signature ok\n");
    }
+    BIO_printf(bio_err, "Signature ok\n");

    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
@ -1386,6 +1378,7 @@ static int certify(X509 **xret, const char *infile, int informat,
                 ext_copy, selfsign);

 end:
+    ERR_print_errors(bio_err);
    X509_REQ_free(req);
    return ok;
 }
@ -1478,10 +1471,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
    if (subj) {
        X509_NAME *n = parse_name(subj, chtype, multirdn, "subject");

-        if (!n) {
-            ERR_print_errors(bio_err);
+        if (!n)
            goto end;
-        }
        X509_REQ_set_subject_name(req, n);
        X509_NAME_free(n);
    }
@ -1719,7 +1710,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
                BIO_printf(bio_err,
                           "ERROR: adding extensions in section %s\n",
                           ext_sect);
-                ERR_print_errors(bio_err);
                goto end;
            }
            if (verbose)
@ -1733,7 +1723,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
                BIO_printf(bio_err,
                           "ERROR: adding extensions in section %s\n",
                           ext_sect);
-                ERR_print_errors(bio_err);
                goto end;
            }

@ -1747,7 +1736,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,

    if (!copy_extensions(ret, req, ext_copy)) {
        BIO_printf(bio_err, "ERROR: adding extensions from request\n");
-        ERR_print_errors(bio_err);
        goto end;
    }

@ -2005,7 +1993,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
    parms = CONF_load(NULL, infile, &errline);
    if (parms == NULL) {
        BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
-        ERR_print_errors(bio_err);
        goto end;
    }

@ -2023,10 +2010,8 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
     * and we can use the same code as if you had a real X509 request.
     */
    req = X509_REQ_new();
-    if (req == NULL) {
-        ERR_print_errors(bio_err);
+    if (req == NULL)
        goto end;
-    }

    /*
     * Build up the subject name set.
@ -2057,7 +2042,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
                if (spki == NULL) {
                    BIO_printf(bio_err,
                               "unable to load Netscape SPKAC structure\n");
-                    ERR_print_errors(bio_err);
                    goto end;
                }
            }
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -596,7 +596,8 @@ int pkcs12_main(int argc, char **argv)
                            key_pbe, cert_pbe, iter, -1, keytype);

        if (p12 == NULL) {
-            ERR_print_errors(bio_err);
+            BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n",
+                       outfile);
            goto export_end;
        }

@ -625,6 +626,7 @@ int pkcs12_main(int argc, char **argv)
        sk_X509_pop_free(untrusted_certs, X509_free);
        X509_free(ee_cert);

+        ERR_print_errors(bio_err);
        goto end;

    }
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -827,7 +827,8 @@ const OPTIONS s_server_options[] = {
     "Second private key file to use (usually for DSA)"},
    {"dkeyform", OPT_DKEYFORM, 'F',
     "Second key file format (ENGINE, other values ignored)"},
-    {"dpass", OPT_DPASS, 's', "Second private key and cert file pass phrase source"},
+    {"dpass", OPT_DPASS, 's',
+     "Second private key and cert file pass phrase source"},
    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
    {"servername", OPT_SERVERNAME, 's',
     "Servername for HostName TLS extension"},