diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 15:23:41 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 11:53:15 +0100 |
| commit | ec2bfb7d23b4790a5fbe3b5d73a3418966d7e8ad (patch) | |
| tree | 6933e942381aa061e6a61b4e5a375098294c88fc /apps/ca.c | |
| parent | f2a0458731f15fd4d45f5574a221177f4591b1d8 (diff) | |
apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default
Fixes #13603
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'apps/ca.c')
| -rwxr-xr-x | apps/ca.c | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -1482,6 +1482,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, OPENSSL_STRING *irow = NULL; OPENSSL_STRING *rrow = NULL; char buf[25]; + X509V3_CTX ext_ctx; for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; @@ -1699,8 +1700,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, /* Lets add the extensions, if there are any */ if (ext_sect) { - X509V3_CTX ext_ctx; - /* Initialize the context structure */ X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509, ret, req, NULL, X509V3_CTX_REPLACE); @@ -1903,7 +1902,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, !EVP_PKEY_missing_parameters(pkey)) EVP_PKEY_copy_parameters(pktmp, pkey); - if (!do_X509_sign(ret, pkey, dgst, sigopts)) + if (!do_X509_sign(ret, pkey, dgst, sigopts, &ext_ctx)) goto end; /* We now just add it to the database as DB_TYPE_VAL('V') */ |