The OpenSSL app worked as expected, and that is what 0 means (EXIT_SUCCESS) in C programming. The fact that verification wasn't successful does not mean the OpenSSL app didn't work correctly. I think you either have to write your own app (or maybe just modify the OpenSSL verify app to return what you want) or parse the textual return of the app (which is not very good, IMO).

2012/11/2 Ken Goldman <kgold...@us.ibm.com>

> In testing my regression tests, I supply a bad CA certificate to force the
> verify to fail.
>
> I use:
>
> > openssl verify -CAfile cacert.pem cert.pem
>
> It printed this, which I expected.
>
> "error 20 at 0 depth lookup: ..."
>
> However, when my bash script checks the return code, it is still 0. I was
> hoping for a non-zero error return to catch real errors later.
>
> A bug? If not, what's the correct way to capture errors in a shell script?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

--
Felipe Menegola Blauth
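
Added example, not part of the thread or of OpenSSL: one way for a regression script to parse the text printed by `openssl verify`, so that a failed verification is caught even when the exit status is 0 as described above. The function names `verify_output_ok` and `verify_cert` and the sample outputs are constructed for illustration; the "OK" and "error N at D depth lookup" line shapes follow the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): decide pass/fail from the text that
# `openssl verify` prints, in addition to its exit status.

# verify_output_ok TEXT
# Returns 0 only if TEXT contains a "<file>: OK" line and no
# "error N at D depth lookup" line. Fails closed: empty or unrecognised
# output is treated as a verification failure.
verify_output_ok() {
    if printf '%s\n' "$1" | grep -Eq '^error [0-9]+ at [0-9]+ depth lookup'; then
        return 1
    fi
    printf '%s\n' "$1" | grep -Eq ': OK$'
}

# verify_cert CAFILE CERT   (hypothetical wrapper name)
# Runs the command from the thread, echoes its output for the test log,
# and succeeds only if both the exit status and the text say "verified".
verify_cert() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1)
    status=$?
    printf '%s\n' "$out"
    [ "$status" -eq 0 ] && verify_output_ok "$out"
}

# Constructed sample outputs, used to exercise the parser offline.
SAMPLE_OK='cert.pem: OK'
SAMPLE_FAIL='cert.pem: CN = constructed-example
error 20 at 0 depth lookup: unable to get local issuer certificate'
```

In a test script, `verify_cert cacert.pem cert.pem || echo "verify failed"` then behaves the way the original question expected the bare command to behave.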