From 76d3cb65aed1b2e454d129eb1e187e896f5e3a2a Mon Sep 17 00:00:00 2001 From: marha Date: Mon, 15 Jun 2015 20:18:50 +0200 Subject: Update to openssl-1.0.2c Conflicts: openssl/Makefile --- openssl/apps/Makefile | 19 +++++++----- openssl/apps/apps.c | 6 ++-- openssl/apps/asn1pars.c | 2 +- openssl/apps/ca.c | 10 +++---- openssl/apps/cms.c | 4 ++- openssl/apps/enc.c | 13 +++++--- openssl/apps/ocsp.c | 2 ++ openssl/apps/s_cb.c | 5 ++-- openssl/apps/s_client.c | 15 +++++----- openssl/apps/s_server.c | 79 +++++++++++++++++++++++++++++++++---------------- openssl/apps/s_time.c | 2 +- openssl/apps/smime.c | 2 ++ openssl/apps/speed.c | 11 +++---- openssl/apps/srp.c | 4 +-- openssl/apps/verify.c | 2 +- 15 files changed, 111 insertions(+), 65 deletions(-) (limited to 'openssl/apps') diff --git a/openssl/apps/Makefile b/openssl/apps/Makefile index 72657ea65..cafe55458 100644 --- a/openssl/apps/Makefile +++ b/openssl/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -144,10 +147,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index b0acbc7c1..7478fc379 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -574,7 +574,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if(!prompt) { + if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); return 0; @@ -588,7 +588,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); - if(!buff) { + if (!buff) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); OPENSSL_free(prompt); @@ -2371,6 +2371,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_SUITEB_192_LOS; else if (!strcmp(arg, "-partial_chain")) flags |= X509_V_FLAG_PARTIAL_CHAIN; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; diff --git a/openssl/apps/asn1pars.c b/openssl/apps/asn1pars.c index 7a0f16943..11b078759 100644 --- a/openssl/apps/asn1pars.c +++ b/openssl/apps/asn1pars.c @@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; diff --git a/openssl/apps/ca.c b/openssl/apps/ca.c index d64ec4f14..3b7336c04 100644 --- a/openssl/apps/ca.c +++ b/openssl/apps/ca.c @@ -563,7 +563,7 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -571,7 +571,7 @@ int MAIN(int argc, char **argv) #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -2821,7 +2821,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); - if(!tmp) { + if (!tmp) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2843,7 +2843,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); - if(!*prevtm) { + if (!*prevtm) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2887,7 +2887,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); - if(!comp_time) { + if (!comp_time) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } diff --git a/openssl/apps/cms.c b/openssl/apps/cms.c index 2c922537c..60479374c 100644 --- a/openssl/apps/cms.c +++ b/openssl/apps/cms.c @@ -463,7 +463,7 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); - if(!nparam) { + if (!nparam) { BIO_printf(bio_err, "Out of memory\n"); goto argerr; } @@ -645,6 +645,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, diff --git a/openssl/apps/enc.c b/openssl/apps/enc.c index 5c2cf7a4a..7b7c70b13 100644 --- a/openssl/apps/enc.c +++ b/openssl/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } diff --git a/openssl/apps/ocsp.c b/openssl/apps/ocsp.c index ebb3732cd..b858b8d3e 100644 --- a/openssl/apps/ocsp.c +++ b/openssl/apps/ocsp.c @@ -535,6 +535,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, diff --git a/openssl/apps/s_cb.c b/openssl/apps/s_cb.c index f6e6bcd76..dd3aa74e0 100644 --- a/openssl/apps/s_cb.c +++ b/openssl/apps/s_cb.c @@ -111,6 +111,7 @@ #include #include +#include /* for memcpy() and strcmp() */ #define USE_SOCKETS #define NON_MAIN #include "apps.h" @@ -456,7 +457,7 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); - if(!curves) { + if (!curves) { BIO_puts(out, "Malloc error getting supported curves\n"); return 0; } @@ -1012,7 +1013,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, /* Initialize a random secret */ if (!cookie_initialized) { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { BIO_printf(bio_err, "error setting random cookie secret\n"); return 0; } diff --git a/openssl/apps/s_client.c b/openssl/apps/s_client.c index 8fa2b737a..e55f2c5ab 100644 --- a/openssl/apps/s_client.c +++ b/openssl/apps/s_client.c @@ -331,6 +331,8 @@ static void sc_usage(void) " -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err, @@ -560,7 +562,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; - if(!pass) { + if (!pass) { BIO_printf(bio_err, "Malloc failure\n"); return NULL; } @@ -1336,13 +1338,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download); diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c index a8491acfd..acef382c2 100644 --- a/openssl/apps/s_server.c +++ b/openssl/apps/s_server.c @@ -222,7 +222,7 @@ static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH @@ -230,30 +230,48 @@ static void s_server_init(void); #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[] = { - 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, - 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, - 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, - 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, - 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, - 0x47, 0x74, 0xE8, 0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[] = { +static unsigned char dh2048_g[] = { 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh = NULL; + DH *dh; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return (NULL); - return (dh); + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -553,6 +571,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -state - Print the SSL states\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, @@ -754,7 +774,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = inl; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); - if(!wbuf) + if (!wbuf) return 0; OPENSSL_free(b->ptr); @@ -1865,7 +1885,11 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); } else { BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - dh = get_dh512(); + dh = get_dh2048(); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); @@ -2453,8 +2477,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } @@ -3281,7 +3307,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - RAND_pseudo_bytes(id, *id_len); + if (RAND_pseudo_bytes(id, *id_len) < 0) + return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix * is too long, clip it - but there will be worse effects anyway, eg. @@ -3323,7 +3350,7 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); - if(!sess) { + if (!sess) { BIO_printf(bio_err, "Out of memory adding session to external cache\n"); return 0; } @@ -3334,12 +3361,12 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); - if(!sess->id || !sess->der) { + if (!sess->id || !sess->der) { BIO_printf(bio_err, "Out of memory adding session to external cache\n"); - if(sess->id) + if (sess->id) OPENSSL_free(sess->id); - if(sess->der) + if (sess->der) OPENSSL_free(sess->der); OPENSSL_free(sess); return 0; diff --git a/openssl/apps/s_time.c b/openssl/apps/s_time.c index a40997a22..38788f713 100644 --- a/openssl/apps/s_time.c +++ b/openssl/apps/s_time.c @@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); - if(maxTime <= 0) { + if (maxTime <= 0) { BIO_printf(bio_err, "time must be > 0\n"); badop = 1; } diff --git a/openssl/apps/smime.c b/openssl/apps/smime.c index 764509f23..6044ccf5f 100644 --- a/openssl/apps/smime.c +++ b/openssl/apps/smime.c @@ -441,6 +441,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c index 7b1acc189..3697b71ec 100644 --- a/openssl/apps/speed.c +++ b/openssl/apps/speed.c @@ -2775,7 +2775,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); - if(!inp || !out) { + if (!inp || !out) { BIO_printf(bio_err,"Out of memory\n"); goto end; } @@ -2791,7 +2791,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) print_message(alg_name, 0, mblengths[j]); Time_F(START); for (count = 0, run = 1; run && count < 0x7fffffff; count++) { - unsigned char aad[13]; + unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; @@ -2826,7 +2826,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, - EVP_CTRL_AEAD_TLS1_AAD, 13, aad); + EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); } } @@ -2865,9 +2866,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) } end: - if(inp) + if (inp) OPENSSL_free(inp); - if(out) + if (out) OPENSSL_free(out); } #endif diff --git a/openssl/apps/srp.c b/openssl/apps/srp.c index c679448ee..c0ff4171c 100644 --- a/openssl/apps/srp.c +++ b/openssl/apps/srp.c @@ -435,7 +435,7 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -443,7 +443,7 @@ int MAIN(int argc, char **argv) # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } diff --git a/openssl/apps/verify.c b/openssl/apps/verify.c index b3ba53d97..78e729fc8 100644 --- a/openssl/apps/verify.c +++ b/openssl/apps/verify.c @@ -232,7 +232,7 @@ int MAIN(int argc, char **argv) if (ret == 1) { BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err, " [-attime timestamp]"); + BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); #endif -- cgit v1.2.3