author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-10-27 12:00:22 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-11-11 10:51:04 +0100 |
commit | d718521fcad5506842fdf46b4a1f7163be22991b (patch) | |
tree | 27e45d2c9e48342f7e7ff12150449cdb1a61db69 /crypto/cmp/cmp_msg.c | |
parent | 4757a3475191b84954f8fa15202de44c8dbb5ea3 (diff) |
cmp_msg.c: Use issuer of reference cert as default issuer entry in certTemplate
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13357)
Diffstat (limited to 'crypto/cmp/cmp_msg.c')
-rw-r--r-- | crypto/cmp/cmp_msg.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 5ff8e9fc52..2333b0bc2b 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -209,6 +209,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
 EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
 STACK_OF(GENERAL_NAME) *default_sans = NULL;
 const X509_NAME *subject = determine_subj(ctx, refcert, for_KUR);
+ const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL
+ ? ctx->issuer : X509_get_issuer_name(refcert);
 int crit = ctx->setSubjectAltNameCritical || subject == NULL;
 /* RFC5280: subjectAltName MUST be critical if subject is null */
 X509_EXTENSIONS *exts = NULL;
@@ -234,8 +236,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
 * it could be NULL if centralized key creation was supported
 */
 || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey,
- subject, ctx->issuer,
- NULL /* serial */))
+ subject, issuer, NULL /* serial */))
 goto err;
 if (ctx->days != 0) {
 time_t now = time(NULL);
@@ -433,7 +434,7 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
 if (msg->extraCerts == NULL
 || !X509_add_certs(msg->extraCerts, chain,
 X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
- goto err;
+ goto err;
 }
 
 if (!unprotectedErrors |
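Review bot: As far as the visible lines show, the new `issuer` default in OSSL_CMP_CTX_setup_CRM() leaves a caller no way to send a certTemplate without an issuer once a reference cert is present, because an unset `ctx->issuer` now always falls back to `X509_get_issuer_name(refcert)`. That changes what existing callers put into the request, so it should be stated where the issuer option is documented. How `refcert` is selected lies outside the hunk; if it can be a certificate issued by a CA other than the one being addressed (to be confirmed), the template would name that other CA as the requested issuer, and the server side may reject or misroute it. I would also parenthesize the condition for readability, `(ctx->issuer != NULL || refcert == NULL) ? ctx->issuer : X509_get_issuer_name(refcert)`, and add a comment such as `/* explicit ctx->issuer wins; otherwise default to the issuer of the reference cert */`. The second hunk only passes `issuer` on to OSSL_CRMF_CERTTEMPLATE_fill(), and the function body continues outside both hunks.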