diff options
author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2023-04-21 11:06:21 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-05-03 09:48:17 +0200 |
commit | a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (patch) | |
tree | 1fd68e3591800af1a7ee2038886ea38c8770fdac /apps/ca.c | |
parent | a8eb81ccd2d3daeb92c0842a02dc688eae298250 (diff) |
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1375,7 +1375,7 @@ static int certify(X509 **xret, const char *infile, int informat, EVP_PKEY *pktmp = NULL; int ok = -1, i; - req = load_csr_autofmt(infile, informat, "certificate request"); + req = load_csr_autofmt(infile, informat, vfyopts, "certificate request"); if (req == NULL) goto end; if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { |