diff options
author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2023-04-21 11:06:21 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-05-03 09:48:17 +0200 |
commit | a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (patch) | |
tree | 1fd68e3591800af1a7ee2038886ea38c8770fdac /apps/include | |
parent | a8eb81ccd2d3daeb92c0842a02dc688eae298250 (diff) |
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
Diffstat (limited to 'apps/include')
-rw-r--r-- | apps/include/apps.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/include/apps.h b/apps/include/apps.h index e603d07868..b48937a8c2 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -114,7 +114,8 @@ char *get_passwd(const char *pass, const char *desc); int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); X509_REQ *load_csr(const char *file, int format, const char *desc); -X509_REQ *load_csr_autofmt(const char *infile, int format, const char *desc); +X509_REQ *load_csr_autofmt(const char *infile, int format, + STACK_OF(OPENSSL_STRING) *vfyopts, const char *desc); X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc); # define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) |