diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-08-27 11:34:23 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-11-08 09:15:13 +0100 |
commit | 9bf1061c44c81059102cd4749f6078b6ce71da9d (patch) | |
tree | e79e5c54b5d979cef00e9b174fc65e2ffee0add5 /apps/x509.c | |
parent | 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 (diff) |
APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID()
Fixes #16300
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16442)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/apps/x509.c b/apps/x509.c index 1f8a157c0e..b88fb4f5ea 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -822,7 +822,12 @@ int x509_main(int argc, char **argv) goto end; } - X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE); + X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE); + /* prepare fallback for AKID, but only if issuer cert equals subject cert */ + if (CAfile == NULL) { + if (!X509V3_set_issuer_pkey(&ext_ctx, privkey)) + goto end; + } if (extconf != NULL && !x509toreq) { X509V3_set_nconf(&ext_ctx, extconf); if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) { |