APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID()

Fixes #16300 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16442)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2021-08-27 11:34:23 +0200
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-11-08 09:15:13 +0100
commit: 9bf1061c44c81059102cd4749f6078b6ce71da9d (patch)
tree: e79e5c54b5d979cef00e9b174fc65e2ffee0add5 /apps/x509.c
parent: 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 1f8a157c0e..b88fb4f5ea 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -822,7 +822,12 @@ int x509_main(int argc, char **argv)
             goto end;
     }
 
-    X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE);
+    X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE);
+    /* prepare fallback for AKID, but only if issuer cert equals subject cert */
+    if (CAfile == NULL) {
+        if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
+            goto end;
+    }
     if (extconf != NULL && !x509toreq) {
         X509V3_set_nconf(&ext_ctx, extconf);
         if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2021-08-27 11:34:23 +0200
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-11-08 09:15:13 +0100
commit	9bf1061c44c81059102cd4749f6078b6ce71da9d (patch)
tree	e79e5c54b5d979cef00e9b174fc65e2ffee0add5 /apps/x509.c
parent	03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 (diff)