[openssl] master update
tomas at openssl.org
tomas at openssl.org
Fri Apr 9 09:26:13 UTC 2021
The branch master has been updated
via d3a5898a7f4980bc0fa6345c408f88007573c405 (commit)
from 4c979cbeeb9792b170670fa15e29d077597e7ee0 (commit)
- Log -----------------------------------------------------------------
commit d3a5898a7f4980bc0fa6345c408f88007573c405
Author: Dave Coombs <dcoombs at carillon.ca>
Date: Tue Apr 6 12:49:21 2021 -0400
crl2pkcs7 shouldn't include empty optional sets
If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
the implicitly tagged [0] certs and [1] crls sets as they are marked
optional and would be empty.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14781)
-----------------------------------------------------------------------
Summary of changes:
apps/crl2p7.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 577d80fa49..565384944e 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -134,19 +134,20 @@ int crl2pkcs7_main(int argc, char **argv)
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
- if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
- goto end;
- p7s->crl = crl_stack;
+
if (crl != NULL) {
+ if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+ goto end;
+ p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
- if ((cert_stack = sk_X509_new_null()) == NULL)
- goto end;
- p7s->cert = cert_stack;
+ if (certflst != NULL) {
+ if ((cert_stack = sk_X509_new_null()) == NULL)
+ goto end;
+ p7s->cert = cert_stack;
- if (certflst != NULL)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
@@ -155,6 +156,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
}
}
+ }
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
More information about the openssl-commits
mailing list