[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Tue Sep 26 09:06:43 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 64aa3d080ed66bd4e1829120312f5a840807c856 (commit)
from 4c9a6a390326038dfe4a3bd3453cb1aa23d33747 (commit)
- Log -----------------------------------------------------------------
commit 64aa3d080ed66bd4e1829120312f5a840807c856
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 26 10:46:10 2017 +0200
Make sure that a cert with extensions gets version number 2 (v3)
Fixes #4419
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4420)
(cherry picked from commit 4881d849da23528e19b7312f963d28916d9804b1)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
index 350a748..3b2afd6 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1719,7 +1719,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- X509_set_version(ret, 2);
/* Initialize the context structure */
if (selfsign)
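Review bot: The removal of X509_set_version(ret, 2) from the if (ext_sect) branch is not explained anywhere in the change; the commit message gives only the one-line subject and "Fixes #4419", so a reader cannot tell which case this branch failed to cover. A sentence in the commit message stating how a certificate could end up carrying extensions without this branch having run would make the reason for moving the call clear without having to open the issue.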
@@ -1774,6 +1773,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
+ {
+ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
+
+ if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret, 2))
+ goto end;
+ }
+
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
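Review bot: The outer if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) in the added block has no braces, yet its body is a comment followed by a second if with a goto, which is easy to misread and easy to break when a line is added later. Either brace the outer if, or fold both tests into one condition such as if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0 && !X509_set_version(ret, 2)) goto end; with the comment placed above it. The failure path also jumps to end without reporting anything, so consider whether a short message is wanted before the goto so that a failed X509_set_version is distinguishable from the other exits.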