diff options
| -rw-r--r-- | src/usr.bin/openssl/ca.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c index c6230dce5c..1d28532ed3 100644 --- a/src/usr.bin/openssl/ca.c +++ b/src/usr.bin/openssl/ca.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ca.c,v 1.46 2021/09/05 01:33:18 inoguchi Exp $ */ | 1 | /* $OpenBSD: ca.c,v 1.47 2021/09/05 01:49:42 inoguchi Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1746,6 +1746,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1746 | OPENSSL_STRING row[DB_NUMBER]; | 1746 | OPENSSL_STRING row[DB_NUMBER]; |
| 1747 | OPENSSL_STRING *irow = NULL; | 1747 | OPENSSL_STRING *irow = NULL; |
| 1748 | OPENSSL_STRING *rrow = NULL; | 1748 | OPENSSL_STRING *rrow = NULL; |
| 1749 | const STACK_OF(X509_EXTENSION) *exts; | ||
| 1749 | 1750 | ||
| 1750 | *xret = NULL; | 1751 | *xret = NULL; |
| 1751 | 1752 | ||
| @@ -2015,9 +2016,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 2015 | if (ext_sect != NULL) { | 2016 | if (ext_sect != NULL) { |
| 2016 | X509V3_CTX ctx; | 2017 | X509V3_CTX ctx; |
| 2017 | 2018 | ||
| 2018 | if (!X509_set_version(ret, 2)) | ||
| 2019 | goto err; | ||
| 2020 | |||
| 2021 | /* Initialize the context structure */ | 2019 | /* Initialize the context structure */ |
| 2022 | if (selfsign) | 2020 | if (selfsign) |
| 2023 | X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); | 2021 | X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); |
| @@ -2063,14 +2061,21 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 2063 | "Successfully added extensions from config\n"); | 2061 | "Successfully added extensions from config\n"); |
| 2064 | } | 2062 | } |
| 2065 | } | 2063 | } |
| 2066 | /* Copy extensions from request (if any) */ | ||
| 2067 | 2064 | ||
| 2065 | /* Copy extensions from request (if any) */ | ||
| 2068 | if (!copy_extensions(ret, req, ext_copy)) { | 2066 | if (!copy_extensions(ret, req, ext_copy)) { |
| 2069 | BIO_printf(bio_err, "ERROR: adding extensions from request\n"); | 2067 | BIO_printf(bio_err, "ERROR: adding extensions from request\n"); |
| 2070 | ERR_print_errors(bio_err); | 2068 | ERR_print_errors(bio_err); |
| 2071 | goto err; | 2069 | goto err; |
| 2072 | } | 2070 | } |
| 2073 | 2071 | ||
| 2072 | exts = X509_get0_extensions(ret); | ||
| 2073 | if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) { | ||
| 2074 | /* Make it an X509 v3 certificate. */ | ||
| 2075 | if (!X509_set_version(ret, 2)) | ||
| 2076 | goto err; | ||
| 2077 | } | ||
| 2078 | |||
| 2074 | if (verbose) | 2079 | if (verbose) |
| 2075 | BIO_printf(bio_err, | 2080 | BIO_printf(bio_err, |
| 2076 | "The subject name appears to be ok, checking data base for clashes\n"); | 2081 | "The subject name appears to be ok, checking data base for clashes\n"); |