author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 21:02:47 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 11:53:15 +0100 |
commit | 157959438308e586593592cc751195fbf3930a7d (patch) | |
tree | 16894ebf050450cd8245293e51f933981aeaea81 /apps/req.c | |
parent | ec2bfb7d23b4790a5fbe3b5d73a3418966d7e8ad (diff) |
APPS: Allow OPENSSL_CONF to be empty, not loading a config file
Also document the function CONF_get1_default_config_file()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'apps/req.c')
-rw-r--r-- | apps/req.c | 40 |
1 files changed, 12 insertions, 28 deletions
diff --git a/apps/req.c b/apps/req.c index 5a065ad843..b645cc1039 100644 --- a/apps/req.c +++ b/apps/req.c @@ -466,9 +466,7 @@ int req_main(int argc, char **argv) goto end; } - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", template); - if ((req_conf = app_load_config(template)) == NULL) + if ((req_conf = app_load_config_verbose(template, verbose)) == NULL) goto end; if (addext_bio != NULL) { if (verbose) @@ -635,7 +633,7 @@ int req_main(int argc, char **argv) if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng); - if (!genctx) + if (genctx == NULL) goto end; } @@ -645,7 +643,6 @@ int req_main(int argc, char **argv) genopt = sk_OPENSSL_STRING_value(pkeyopts, i); if (pkey_ctrl_string(genctx, genopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", genopt); - ERR_print_errors(bio_err); goto end; } } @@ -743,7 +740,6 @@ int req_main(int argc, char **argv) if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) goto end; - /* Set version to V3 */ if (serial != NULL) { if (!X509_set_serialNumber(x509ss, serial)) goto end; @@ -768,7 +764,6 @@ int req_main(int argc, char **argv) goto end; /* Set up V3 context struct */ - X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE); X509V3_set_nconf(&ext_ctx, req_conf); @@ -797,10 +792,8 @@ int req_main(int argc, char **argv) } i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } else { X509V3_CTX ext_ctx; @@ -824,10 +817,8 @@ int req_main(int argc, char **argv) goto end; } i = do_X509_REQ_sign(req, pkey, digest, sigopts); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } } @@ -893,7 +884,6 @@ int req_main(int argc, char **argv) if (tpubkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); - ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, tpubkey); 
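Review bot: From the `pkey_ctrl_string` failure branch in the `-645` hunk onward, the error paths keep only a generic message and drop `ERR_print_errors(bio_err)`, so the underlying library error reaches the user only if the shared `end:` exit of `req_main` dumps the queue, and that exit is not visible in any of these hunks. The same applies to the `do_X509_sign` and `do_X509_REQ_sign` branches, the `tpubkey == NULL` branch, the certificate-request printing branch, and the three failure returns in `set_keygen_ctx`, which returns NULL and so depends on every caller reaching that exit. Confirm that the exit prints the queue on every failing return, and add a comment at the first site such as `/* error queue is printed once at end: */` so a later edit does not bypass it and lose key-generation or signing diagnostics.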
@@ -911,7 +901,6 @@ int req_main(int argc, char **argv) else BIO_printf(bio_err, "Error printing certificate request\n"); - ERR_print_errors(bio_err); goto end; } } @@ -1008,7 +997,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, { int ret = 0, i; char no_prompt = 0; - STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; + STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL; char *tmp, *dn_sect, *attr_sect; tmp = NCONF_get_string(req_conf, section, PROMPT); @@ -1019,20 +1008,18 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME); if (dn_sect == NULL) { - BIO_printf(bio_err, "unable to find '%s' in config\n", - DISTINGUISHED_NAME); - goto err; - } - dn_sk = NCONF_get_section(req_conf, dn_sect); - if (dn_sk == NULL) { - BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); - goto err; + ERR_clear_error(); + } else { + dn_sk = NCONF_get_section(req_conf, dn_sect); + if (dn_sk == NULL) { + BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); + goto err; + } } attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES); if (attr_sect == NULL) { ERR_clear_error(); - attr_sk = NULL; } else { attr_sk = NCONF_get_section(req_conf, attr_sect); if (attr_sk == NULL) { @@ -1583,20 +1570,17 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, if (gctx == NULL) { BIO_puts(bio_err, "Error allocating keygen context\n"); - ERR_print_errors(bio_err); return NULL; } if (EVP_PKEY_keygen_init(gctx) <= 0) { BIO_puts(bio_err, "Error initializing keygen context\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) { BIO_puts(bio_err, "Error setting RSA keysize\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } |
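Review bot: In the `make_REQ` hunk at `-1019`, a missing `distinguished_name` entry is now accepted silently: `dn_sect` and `dn_sk` both stay NULL, and `ERR_clear_error()` empties the whole error queue rather than only the failed lookup. The code that consumes `dn_sk` and `dn_sect` lies outside the hunk, so check that it tolerates NULL for both and that a request with no subject fields is clearly reported rather than silently produced with an empty subject. A user who misspells the key also loses the old `unable to find 'distinguished_name' in config` hint. Consider bracketing the lookup with `ERR_set_mark();` and `ERR_pop_to_mark();` in place of `ERR_clear_error();` so unrelated queued errors survive; the same pattern would fit the `attr_sect` branch below it.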