[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Thu Jun 21 05:00:17 UTC 2018 

The branch OpenSSL_1_1_0-stable has been updated
       via  56c91e6dda3252b40396fcecd4005a823a8c7bf5 (commit)
      from  c35608e5422d2718868d88439e22369d4aabb7c6 (commit)


- Log -----------------------------------------------------------------
commit 56c91e6dda3252b40396fcecd4005a823a8c7bf5
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jun 21 06:24:33 2018 +0200

    openssl ca: open the output file as late as possible
    
    Fixes #6544
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6546)
    
    (cherry picked from commit 63871d9f810fec1e8a441d82c9ac79c58b19e2ad)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index fe9d29b..c69a2b5 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -729,10 +729,6 @@ end_of_options:
             output_der = 1;
             batch = 1;
         }
-        Sout = bio_open_default(outfile, 'w',
-                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
-        if (Sout == NULL)
-            goto end;
     }
 
     if (md == NULL
@@ -1020,6 +1016,11 @@ end_of_options:
             if (verbose)
                 BIO_printf(bio_err, "writing %s\n", buf[2]);
 
+            Sout = bio_open_default(outfile, 'w',
+                                    output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+            if (Sout == NULL)
+                goto end;
+
             Cout = BIO_new_file(buf[2], "w");
             if (Cout == NULL) {
                 perror(buf[2]);
@@ -1028,6 +1029,8 @@ end_of_options:
             write_new_certificate(Cout, xi, 0, notext);
             write_new_certificate(Sout, xi, output_der, notext);
             BIO_free_all(Cout);
+            BIO_free_all(Sout);
+            Sout = NULL;
         }
 
         if (sk_X509_num(cert_sk)) {
@@ -1176,6 +1179,11 @@ end_of_options:
         if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
             goto end;
 
+        Sout = bio_open_default(outfile, 'w',
+                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+
         PEM_write_bio_X509_CRL(Sout, crl);
 
         if (crlnumberfile != NULL) /* Rename the crlnumber file */

More information about the openssl-commits mailing list