diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2024-02-23 10:32:14 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-02 17:35:25 +0200 |
commit | 387418893e45e588d1cbd4222549b5113437c9ab (patch) | |
tree | 3b9639ab7a2c91f0119346995649384f77aef891 /apps | |
parent | 36e2fbe38b21ce6d4a6bfde3b6deb692ca32fa39 (diff) |
Fix openssl req with -addext subjectAltName=dirName
The syntax check of the -addext fails because the
X509V3_CTX is used to lookup the referenced section,
but the wrong configuration file is used, where only
a default section with all passed in -addext lines is available.
Thus it was not possible to use the subjectAltName=dirName:section
as an -addext parameter. Probably other extensions as well.
This change affects only the syntax check, the real extension
was already created with correct parameters.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23669)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/req.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/req.c b/apps/req.c index 9b85600e10..a9009d6c7d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -573,7 +573,7 @@ int req_main(int argc, char **argv) X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, addext_conf); + X509V3_set_nconf(&ctx, req_conf); if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) { BIO_printf(bio_err, "Error checking extensions defined using -addext\n"); goto end; |