authorBernd Edlinger <bernd.edlinger@hotmail.de>2024-02-23 10:32:14 +0100
committerTomas Mraz <tomas@openssl.org>2024-04-02 17:37:45 +0200
commit845e6824098cd0845c85af0f19afc904b8f48111 (patch)
treef6892bf10805ec351b4a4dbee4a07283197bbdf9
parentc3a008ea937e5a052d06a3576c5c7583033f0c6c (diff)
Fix openssl req with -addext subjectAltName=dirName
The syntax check of the -addext fails because the X509V3_CTX is used to lookup the referenced section, but the wrong configuration file is used, where only a default section with all passed in -addext lines is available. Thus it was not possible to use the subjectAltName=dirName:section as an -addext parameter. Probably other extensions as well. This change affects only the syntax check, the real extension was already created with correct parameters. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23669) (cherry picked from commit 387418893e45e588d1cbd4222549b5113437c9ab)
-rw-r--r--apps/req.c2
-rw-r--r--test/recipes/25-test_req.t3
-rw-r--r--test/test.cnf6
3 files changed, 9 insertions, 2 deletions
diff --git a/apps/req.c b/apps/req.c
index c7d4c7822c..2fc53d4bfc 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -569,7 +569,7 @@ int req_main(int argc, char **argv)
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, addext_conf);
+ X509V3_set_nconf(&ctx, req_conf);
if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
BIO_printf(bio_err, "Error checking extensions defined using -addext\n");
goto end;
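Review bot: The syntax check now reads the extension lines from `addext_conf` but resolves section references through `req_conf`, and nothing at the call site explains why the two differ, so a later cleanup could plausibly set them back to the same NCONF and reintroduce the failure. A short comment above the `X509V3_set_nconf` line would hold the intent, e.g. `/* -addext values may reference sections (dirName:sec) that exist only in req_conf */`. It is also worth confirming that `req_conf` is always loaded by this point, since its assignment and NULL check are outside the hunk; req_main itself starts and ends outside the hunk.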
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index fe02d29c63..932635f4b2 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
-plan tests => 49;
+plan tests => 50;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
@@ -53,6 +53,7 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"])));
+ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"])));
# If a CSR is provided with neither of -key or -CA/-CAkey, this should fail.
ok(!run(app(["openssl", "req", "-x509",
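Review bot: The added case for `subjectAltName=dirName:dirname_sec` asserts only that the command exits successfully, so it does not show that a reference to a missing section is still rejected by the syntax check. Consider a negative counterpart using a section name absent from the config, e.g. `ok(!run(app([@addext_args, "-addext", "subjectAltName=dirName:no_such_sec"])));` (`no_such_sec` is a constructed name), with `plan tests` raised to match. This assumes `@addext_args` selects test/test.cnf as the config, which is defined outside the hunk.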
diff --git a/test/test.cnf b/test/test.cnf
index 8b2f92ad8e..8f68982a9f 100644
--- a/test/test.cnf
+++ b/test/test.cnf
@@ -72,3 +72,9 @@ commonName = CN field
commonName_value = Eric Young
emailAddress = email field
emailAddress_value = eay@mincom.oz.au
+
+[ dirname_sec ]
+C = UK
+O = My Organization
+OU = My Unit
+CN = My Name