authortb <>2022-08-18 16:26:33 +0000
committertb <>2022-08-18 16:26:33 +0000
commit271843b081a9e280d513ad0aa65feffebe6cbcde (patch)
treef9aa507532dc905fd78384374d8e31e5900d80c2
parente9f16d803a9f3bad60b4a0b70ae1fe2b4a1614a6 (diff)
Allow empty attribute sets in CSRs
While each attribute must contain at least one extension, it is not required that a CSR have attributes at all. Instead of signalling an error by returning NULL if no extensions are found, return an empty stack of extensions. Via OpenSSL 1f02ca2d ok jsing
-rw-r--r--src/lib/libcrypto/x509/x509_req.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 8d5bf58509..c0a2a64a0b 100644
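--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.28 2022/01/22 00:34:48 inoguchi Exp $ */
+/* $OpenBSD: x509_req.c,v 1.29 2022/08/18 16:26:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -224,7 +224,9 @@ X509_REQ_get_extensions(X509_REQ *req)
  ext = X509_ATTRIBUTE_get0_type(attr, 0);
  break;
  }
- if (ext == NULL || ext->type != V_ASN1_SEQUENCE)
+ if (ext == NULL)
+ return sk_X509_EXTENSION_new_null();
+ if (ext->type != V_ASN1_SEQUENCE)
  return NULL;
  p = ext->value.sequence->data;
  return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length);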
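Review bot: The new `if (ext == NULL)` branch cannot tell "no extension-request attribute in the CSR" apart from "attribute found, but `X509_ATTRIBUTE_get0_type(attr, 0)` gave back NULL", so an attribute with an empty value set (which the commit message says is invalid) would presumably now come back as an empty stack rather than an error. For code that validates CSRs from untrusted requesters, that turns a malformed request into a well-formed one with no extensions. Checking the lookup where it happens, `if ((ext = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL) return NULL;` ahead of the `break`, would keep the error path for that case; the loop starts outside the hunk, so confirm against the full function. A comment on the new return such as `/* No extension attribute: not an error; caller frees the empty stack. */` would also record that NULL now means failure only.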