authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2021-01-23 12:54:39 +0100
committerDr. David von Oheimb <dev@ddvo.net>2021-03-02 11:05:34 +0100
commitdd5fa5f5afcb58d75f22d45075224ce3c80f91f3 (patch)
treecac61ee70ab0cc1c9ffda68b905b032a617b44f0 /crypto/cmp/cmp_msg.c
parente1f946630f06c2d3a112022472bb13a1586f599f (diff)
CMP: On NULL-DN subject or issuer input omit field in cert template
Also improve diagnostics on inconsistent cert request input in apps/cmp.c, add trace output for transactionIDs on new sessions, and update the documentation in openssl-cmp.pod.in. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14018)
Diffstat (limited to 'crypto/cmp/cmp_msg.c')
-rw-r--r--crypto/cmp/cmp_msg.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 8514336801..09b2d7b03b 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx,
int for_KUR)
{
if (ctx->subjectName != NULL)
- return ctx->subjectName;
+ return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName;
if (ref_subj != NULL && (for_KUR || !HAS_SAN(ctx)))
/*
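Review bot: The new return in determine_subj gives an explicitly set empty DN a meaning that is not documented where it is used: it returns NULL at once and so skips the `ref_subj` fallback that follows. A comment above the return would make this clear, for example `/* an explicit NULL-DN means: omit the subject, do not fall back to ref_subj */`. Since `subject == NULL` also forces `crit` on in OSSL_CMP_CTX_setup_CRM (second hunk), the same input now makes the subjectAltName extension critical, which is worth mentioning in the function's comment. determine_subj's body continues outside the hunk.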
@@ -241,7 +241,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
refcert != NULL ? X509_get_subject_name(refcert) : NULL;
const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR);
const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL
- ? ctx->issuer : X509_get_issuer_name(refcert);
+ ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer)
+ : X509_get_issuer_name(refcert);
int crit = ctx->setSubjectAltNameCritical || subject == NULL;
/* RFC5280: subjectAltName MUST be critical if subject is null */
X509_EXTENSIONS *exts = NULL;
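Review bot: In the new issuer expression, `IS_NULL_DN(ctx->issuer)` is also evaluated when `ctx->issuer` is NULL, because the first arm of the conditional is taken whenever `refcert == NULL`. The macro's definition is not visible in this diff, so whether it tolerates a NULL argument cannot be confirmed from here. If it does not, the arm should be guarded as `(ctx->issuer == NULL || IS_NULL_DN(ctx->issuer)) ? NULL : ctx->issuer`. A short comment that an explicitly empty issuer DN means "omit the issuer field" rather than "take the issuer from refcert" would also help the next reader. The body of OSSL_CMP_CTX_setup_CRM starts and ends outside the hunk.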