author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-05-30 16:53:05 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-07-14 07:23:58 +0100 |
commit | ec8a3409487c871b440fa52bff7c3ef33378494a (patch) | |
tree | 0a6b5b97453598924479be779e8004d68796a83b /apps/x509.c | |
parent | 10c7887330bb6ca136cd16fe081639f4462a072e (diff) |
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial.
Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18373)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 182730be96..ee7bbe471b 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -535,7 +535,7 @@ int x509_main(int argc, char **argv)
 aliasout = ++num;
 break;
 case OPT_CACREATESERIAL:
- CA_createserial = ++num;
+ CA_createserial = 1;
 break;
 case OPT_CLREXT:
 clrext = 1;
@@ -1097,6 +1097,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
 char *buf = NULL;
 ASN1_INTEGER *bs = NULL;
 BIGNUM *serial = NULL;
+ int defaultfile = 0, file_exists;
 if (serialfile == NULL) {
 const char *p = strrchr(CAfile, '.');
@@ -1106,9 +1107,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
 memcpy(buf, CAfile, len);
 memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
 serialfile = buf;
+ defaultfile = 1;
 }
- serial = load_serial(serialfile, create, NULL);
+ serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL);
 if (serial == NULL)
 goto end;
@@ -1117,8 +1119,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
 goto end;
 }
- if (!save_serial(serialfile, NULL, serial, &bs))
- goto end;
+ if (file_exists || create)
+ save_serial(serialfile, NULL, serial, &bs);
+ else
+ bs = BN_to_ASN1_INTEGER(serial, NULL);
 end:
 OPENSSL_free(buf); |
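Review bot: `file_exists` is declared without an initial value in the second hunk and is only written through the `&file_exists` out-parameter of `load_serial()` before the fourth hunk reads it in `if (file_exists || create)`. Whether `load_serial()` stores to it on every path that returns a non-NULL serial is not visible on this page, so the read may see an indeterminate value. Initialising it at the declaration removes that dependency: `int defaultfile = 0, file_exists = 0;`. The body of `x509_load_serial()` starts before this hunk and continues past it.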
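Review bot: The third argument `create || defaultfile` in the `load_serial()` call of the third hunk needs a comment, because that position used to carry only the -CAcreateserial flag and now also covers the case where the serial file name was derived from the CA file name. Going by the commit message, a missing default file then leads to a random serial rather than an error, but that behaviour lives in `load_serial()` outside this diff. A comment above the call would record it, for example `/* a missing default serial file is not an error; the serial is then generated, not read */`.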
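Review bot: The new `save_serial(serialfile, NULL, serial, &bs);` call in the fourth hunk drops the return-value check that the removed lines had. If the serial file cannot be written, an error is now reported only if `save_serial()` happens to leave `bs` NULL on failure, which cannot be confirmed from this page. If a serial were still returned, the file would keep its old value and the next run could issue a certificate with the same serial number, which breaks revocation by issuer and serial. Keeping the check inside the new branch avoids relying on that: `if (!save_serial(serialfile, NULL, serial, &bs)) goto end;`. The function body begins and ends outside this hunk.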