diff options
author | Marc Espie <espie@cvs.openbsd.org> | 2010-07-15 13:38:31 +0000 |
---|---|---|
committer | Marc Espie <espie@cvs.openbsd.org> | 2010-07-15 13:38:31 +0000 |
commit | e2a18815a8338bcd480e4c504a0ae13d11f5c22b (patch) | |
tree | ccf74b36f66580e7229f1a8ad3c6ea1a624aeb2d | |
parent | abededc8f6ac9753b5483c042324943503e8f17a (diff) |
store openssl error output during verification, and log it if it didn't work.
-rw-r--r-- | usr.sbin/pkg_add/OpenBSD/x509.pm | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/x509.pm b/usr.sbin/pkg_add/OpenBSD/x509.pm index 7dc5b0f0bdc..309619feb72 100644 --- a/usr.sbin/pkg_add/OpenBSD/x509.pm +++ b/usr.sbin/pkg_add/OpenBSD/x509.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: x509.pm,v 1.8 2010/06/30 10:51:04 espie Exp $ +# $OpenBSD: x509.pm,v 1.9 2010/07/15 13:38:30 espie Exp $ # # Copyright (c) 2003-2007 Marc Espie <espie@openbsd.org> # @@ -79,11 +79,12 @@ sub print_certificate_info sub system_quiet { + my $fh = shift; my $r = fork; if (!defined $r) { return 1; } elsif ($r == 0) { - open STDERR, ">/dev/null"; + open STDERR, ">&", $fh; exec {$_[0]} @_ or return 1; } else { waitpid($r, 0); @@ -105,17 +106,28 @@ sub check_signature print $fh2 decode_base64($sig->{b64sig}); close $fh; close $fh2; - if (system_quiet (OpenBSD::Paths->openssl, "smime", "-verify", + my ($fh3, $fname3) = mkstemp("/tmp/commandresult.XXXXXXXXX"); + if (system_quiet ($fh3, OpenBSD::Paths->openssl, "smime", "-verify", "-binary", "-inform", "DEM", "-in", $fname2, "-content", $fname, "-CAfile", OpenBSD::Paths->pkgca, "-out", "/dev/null") != 0) { + close($fh3); $state->log("Bad signature"); + open $fh3, '<', $fname3; + while (<$fh3>) { + chomp; + $state->log("#1", $_); + } + close($fh3); + unlink $fname3; return 0; } if ($state->verbose >= 2) { dump_certificate_info($fname2); } + close($fh3); unlink $fname; unlink $fname2; + unlink $fname3; return 1; } |