diff options
author | Dave Coombs <dcoombs@carillon.ca> | 2021-04-06 12:49:21 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-09 11:26:54 +0200 |
commit | f82f5392f39797c1cf3a5d114c0125f121b0f769 (patch) | |
tree | ff52ecec6d9e640b5f94c90220fbd2b27e9bc7f7 /apps | |
parent | ee97c0e3da1222b12afd4c50b43369b4b7014026 (diff) |
crl2pkcs7 shouldn't include empty optional sets
If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
the implicitly tagged [0] certs and [1] crls sets as they are marked
optional and would be empty.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14781)
(cherry picked from commit d3a5898a7f4980bc0fa6345c408f88007573c405)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/crl2p7.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 88fabcb22c..9edfabbc15 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv) if (!ASN1_INTEGER_set(p7s->version, 1)) goto end; - if ((crl_stack = sk_X509_CRL_new_null()) == NULL) - goto end; - p7s->crl = crl_stack; + if (crl != NULL) { + if ((crl_stack = sk_X509_CRL_new_null()) == NULL) + goto end; + p7s->crl = crl_stack; sk_X509_CRL_push(crl_stack, crl); crl = NULL; /* now part of p7 for OPENSSL_freeing */ } - if ((cert_stack = sk_X509_new_null()) == NULL) - goto end; - p7s->cert = cert_stack; + if (certflst != NULL) { + if ((cert_stack = sk_X509_new_null()) == NULL) + goto end; + p7s->cert = cert_stack; - if (certflst != NULL) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { certfile = sk_OPENSSL_STRING_value(certflst, i); if (add_certs_from_file(cert_stack, certfile) < 0) { @@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv) goto end; } } + } out = bio_open_default(outfile, 'w', outformat); if (out == NULL) |