Hello,

> When I try to sign CSRs for my CA to create client certificates the
> openssl command-line tool returns 0, regardless of whether it succeeded
> or failed. Should it not be returning a non-zero value if it failed to
> sign the CSR for some reason?
>
> This is crucial when wrappering the openssl tool for automation
> purposes, like a CGI for a web-interface to managing one's CSR queue.

I think that this returns the proper return code, for example
(some prepared errors):

$ openssl ca -config openssl.cnf -in certs/vpn-server-crt-req.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/local/etc/ca/private/cakey.pem:
unable to load CA private key
16824:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
16824:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
$ echo $?
1

$ openssl ca -config openssl.cnf -in certs/vpn-server-crt-req.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/local/etc/ca/private/cakey.pem:
Check that the request matches the signature
Signature ok
ERROR:Serial number 1032 has already been issued,
      check the database/serial_file for corruption
The matching entry has the following details
Type          :Valid
Expires on    :070717222900Z
Serial Number :1032
File name     :unknown
$ echo $?
1

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
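
Added example (not part of the original thread and not OpenSSL project code): a shell wrapper of the kind the question describes, which gates on the exit status of `openssl ca` shown above and additionally checks that a parsable certificate was actually written. The function name `sign_csr`, the `CA_PASS` environment variable and the return codes 1/2/3 are assumptions made for this sketch.

```shell
#!/bin/sh
# sign_csr CONFIG CSR OUT   (hypothetical helper, added example)
# Returns 0 only if `openssl ca` exited 0 AND its output parses as a certificate.
#   1 = openssl ca reported failure   2 = exit 0 but no usable certificate
#   3 = could not create temporary files
sign_csr() {
    config=$1
    csr=$2
    out=$3
    log=$(mktemp) || return 3
    tmp=$(mktemp) || { rm -f "$log"; return 3; }

    # -batch: never prompt, so a CGI cannot hang waiting for a terminal.
    # -passin env:CA_PASS: read the CA key pass phrase from the environment
    # (variable name is an assumption) instead of the interactive prompt.
    status=0
    openssl ca -batch -config "$config" -passin env:CA_PASS \
        -in "$csr" -out "$tmp" >"$log" 2>&1 || status=$?

    if [ "$status" -ne 0 ]; then
        # Bad pass phrase, duplicate serial, etc. Keep the diagnostics.
        echo "openssl ca failed (exit $status):" >&2
        cat "$log" >&2
        rm -f "$log" "$tmp"
        return 1
    fi

    # Defence in depth: do not rely on the exit status alone. The result
    # must be non-empty and must load as an X.509 certificate.
    if ! [ -s "$tmp" ] || ! openssl x509 -in "$tmp" -noout >/dev/null 2>&1; then
        echo "openssl ca exited 0 but produced no parsable certificate" >&2
        rm -f "$log" "$tmp"
        return 2
    fi

    # Publish the certificate only after both checks passed, so a failed
    # run never leaves a partial file at the destination path.
    mv "$tmp" "$out" && rm -f "$log"
}
```

A caller such as a CGI script would run `sign_csr openssl.cnf request.pem issued.pem` and treat any non-zero return as "not signed".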