author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-01-23 12:54:39 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-03-02 11:05:34 +0100 |
commit | dd5fa5f5afcb58d75f22d45075224ce3c80f91f3 (patch) | |
tree | cac61ee70ab0cc1c9ffda68b905b032a617b44f0 /crypto/cmp/cmp_msg.c | |
parent | e1f946630f06c2d3a112022472bb13a1586f599f (diff) |
CMP: On NULL-DN subject or issuer input omit field in cert template
Also improve diagnostics on inconsistent cert request input in apps/cmp.c,
add trace output for transactionIDs on new sessions,
and update the documentation in openssl-cmp.pod.in.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14018)
Diffstat (limited to 'crypto/cmp/cmp_msg.c')
-rw-r--r-- | crypto/cmp/cmp_msg.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 8514336801..09b2d7b03b 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx,
 int for_KUR)
 {
 if (ctx->subjectName != NULL)
- return ctx->subjectName;
+ return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName;
 if (ref_subj != NULL && (for_KUR || !HAS_SAN(ctx)))
 /*
@@ -241,7 +241,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
 refcert != NULL ? X509_get_subject_name(refcert) : NULL;
 const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR);
 const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL
- ? ctx->issuer : X509_get_issuer_name(refcert);
+ ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer)
+ : X509_get_issuer_name(refcert);
 int crit = ctx->setSubjectAltNameCritical || subject == NULL;
 /* RFC5280: subjectAltName MUST be critical if subject is null */
 X509_EXTENSIONS *exts = NULL; |
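Review bot: The new early return in determine_subj gives an explicitly set NULL-DN in `ctx->subjectName` precedence over the `ref_subj` fallback that follows, and nothing in the hunk documents that precedence. A one-line comment above the return would make the intent explicit for the next maintainer, e.g. `/* an explicitly given NULL-DN means: omit the subject, do not fall back to ref_subj */`. `IS_NULL_DN` is defined outside this hunk and the function body continues past it, so this reading rests on the visible condition only.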
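Review bot: `IS_NULL_DN(ctx->issuer)` in the initializer of `issuer` is also evaluated when `ctx->issuer` is NULL, because the first branch is taken whenever `refcert == NULL`; that is safe only if the macro tolerates a NULL argument, and its definition is not part of this hunk. Testing the pointer first removes the dependency: `? (ctx->issuer == NULL || IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer)`. A NULL-DN subject now also makes `subject == NULL`, so `crit` forces subjectAltName critical; whether a request with neither subject nor SAN is rejected is not visible here. OSSL_CMP_CTX_setup_CRM starts before and continues past the hunk.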