apps: silent warning when loading CSR files with vfyopt option

When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20799)
author: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> 2023-04-21 11:06:21 +0800
committer: Tomas Mraz <tomas@openssl.org> 2023-05-03 09:48:17 +0200
commit: a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (patch)
tree: 1fd68e3591800af1a7ee2038886ea38c8770fdac /apps/ca.c
parent: a8eb81ccd2d3daeb92c0842a02dc688eae298250 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 50bb944969..5952e3320f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1375,7 +1375,7 @@ static int certify(X509 **xret, const char *infile, int informat,
     EVP_PKEY *pktmp = NULL;
     int ok = -1, i;
 
-    req = load_csr_autofmt(infile, informat, "certificate request");
+    req = load_csr_autofmt(infile, informat, vfyopts, "certificate request");
     if (req == NULL)
         goto end;
     if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
author	Tianjia Zhang <tianjia.zhang@linux.alibaba.com>	2023-04-21 11:06:21 +0800
committer	Tomas Mraz <tomas@openssl.org>	2023-05-03 09:48:17 +0200
commit	a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (patch)
tree	1fd68e3591800af1a7ee2038886ea38c8770fdac /apps/ca.c
parent	a8eb81ccd2d3daeb92c0842a02dc688eae298250 (diff)