[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Sep 26 09:05:58 UTC 2017
The branch master has been updated
via 4881d849da23528e19b7312f963d28916d9804b1 (commit)
from 28c0a61b3084ca05d1c590113332501e96b6175d (commit)
- Log -----------------------------------------------------------------
commit 4881d849da23528e19b7312f963d28916d9804b1
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 26 10:46:10 2017 +0200
Make sure that a cert with extensions gets version number 2 (v3)
Fixes #4419
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4420)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
index 976f6bb..3bcbcbb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1735,7 +1735,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
@@ -1790,6 +1789,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
+ {
+ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
+
+ if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret, 2))
+ goto end;
+ }
+
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
More information about the openssl-commits
mailing list