[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org tomas at openssl.org
Fri Apr 9 09:27:04 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  f82f5392f39797c1cf3a5d114c0125f121b0f769 (commit)
      from  ee97c0e3da1222b12afd4c50b43369b4b7014026 (commit)


- Log -----------------------------------------------------------------
commit f82f5392f39797c1cf3a5d114c0125f121b0f769
Author: Dave Coombs <dcoombs at carillon.ca>
Date:   Tue Apr 6 12:49:21 2021 -0400

    crl2pkcs7 shouldn't include empty optional sets
    
    If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
    the implicitly tagged [0] certs and [1] crls sets as they are marked
    optional and would be empty.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14781)
    
    (cherry picked from commit d3a5898a7f4980bc0fa6345c408f88007573c405)

-----------------------------------------------------------------------

Summary of changes:
 apps/crl2p7.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 88fabcb22c..9edfabbc15 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv)
 
     if (!ASN1_INTEGER_set(p7s->version, 1))
         goto end;
-    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
-        goto end;
-    p7s->crl = crl_stack;
+
     if (crl != NULL) {
+        if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+            goto end;
+        p7s->crl = crl_stack;
         sk_X509_CRL_push(crl_stack, crl);
         crl = NULL;             /* now part of p7 for OPENSSL_freeing */
     }
 
-    if ((cert_stack = sk_X509_new_null()) == NULL)
-        goto end;
-    p7s->cert = cert_stack;
+    if (certflst != NULL) {
+        if ((cert_stack = sk_X509_new_null()) == NULL)
+            goto end;
+        p7s->cert = cert_stack;
 
-    if (certflst != NULL)
         for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
             certfile = sk_OPENSSL_STRING_value(certflst, i);
             if (add_certs_from_file(cert_stack, certfile) < 0) {
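Review bot: The return value of `sk_X509_CRL_push(crl_stack, crl)` is still ignored inside the new `if (crl != NULL)` block. If the push fails, the CRL is neither placed in the PKCS#7 structure nor freed, because the next line clears `crl`, and the tool would apparently go on to write output without the revocation list. Checking it with `if (!sk_X509_CRL_push(crl_stack, crl)) goto end;` before `crl = NULL;` keeps the failure visible; this assumes the `end:` label, which is outside the hunk, frees a non-NULL `crl`. A short comment on the two guarded blocks, such as `/* optional [1] crls: leave the field absent rather than encode an empty SET */`, would also record why the stacks are no longer allocated unconditionally. `crl2pkcs7_main` begins and ends outside this hunk.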
@@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv)
                 goto end;
             }
         }
+    }
 
     out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)

