[openssl] master update
dev at ddvo.net
dev at ddvo.net
Thu Aug 26 15:44:18 UTC 2021
The branch master has been updated
via b4fec69b2a8b5b93ec0e2603e4d27e5d722b87fc (commit)
from 78539b250b05d0721da775bf4eddc096bde5ecaa (commit)
- Log -----------------------------------------------------------------
commit b4fec69b2a8b5b93ec0e2603e4d27e5d722b87fc
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Aug 25 08:35:40 2021 +0200
APPS/x509: fix -extfile option, which was ignored with -x509toreq
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16417)
-----------------------------------------------------------------------
Summary of changes:
apps/x509.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/apps/x509.c b/apps/x509.c
index e9a45e4d8f..7236972c5b 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -190,9 +190,7 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names)
sn);
}
-static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
- STACK_OF(OPENSSL_STRING) *sigopts,
- int ext_copy, const char *names)
+static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
{
const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert);
int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */);
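Review bot: x509_to_req() now returns a request that has not been signed, but nothing at its definition says so; the `do_X509_REQ_sign` call dropped from its tail in the next hunk now lives in x509_main. The one caller visible in this patch does sign, but a later caller of this static helper could write out an unsigned request without noticing. I would add a header comment such as `/* Builds an unsigned X509_REQ from cert; the caller must add any further extensions and then sign it. */`. The function body continues outside this hunk.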
@@ -228,8 +226,6 @@ static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
goto err;
}
}
- if (!do_X509_REQ_sign(req, pkey, digest, sigopts))
- goto err;
sk_X509_EXTENSION_free(exts);
return req;
@@ -804,7 +800,7 @@ int x509_main(int argc, char **argv)
}
X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE);
- if (extconf != NULL) {
+ if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
BIO_printf(bio_err,
@@ -830,8 +826,17 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n");
goto end;
}
- if ((rq = x509_to_req(x, privkey, digest, sigopts,
- ext_copy, ext_names)) == NULL)
+ if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
+ goto end;
+ if (extconf != NULL) {
+ X509V3_set_nconf(&ext_ctx, extconf);
+ if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
+ BIO_printf(bio_err,
+ "Error adding request extensions from section %s\n", extsect);
+ goto end;
+ }
+ }
+ if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
goto end;
if (!noout) {
if (outformat == FORMAT_ASN1) {
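Review bot: The new `if (extconf != NULL)` block reuses `ext_ctx`, which the `X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, ...)` call shown in the previous hunk appears to have set up for certificate `x` and the input `req`, not for the freshly built `rq`. Any extension value that the config resolves through the context would then presumably be derived from `x`; that is harmless only if `rq` carries the same subject and key as `x`, which is decided in x509_to_req outside this hunk. The block also depends on `do_X509_REQ_sign` staying after it, so that the signature covers the extensions taken from `-extfile`. A short comment would record both, e.g. `/* ext_ctx still refers to x; sign rq last so the signature covers the added extensions */`. It is also not visible here how a section entry interacts with an extension already copied via `-copy_extensions`, so a test combining `-x509toreq -extfile -copy_extensions` would be worth adding.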