authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2022-08-01 20:34:19 +0200
committerDr. David von Oheimb <dev@ddvo.net>2022-08-24 11:29:40 +0200
commit7af110f9f5fb9b039cc09b63768a0b989a7bf5ad (patch)
tree3d5ee51498f2e93b4cc7b040a3540930e969abdb /crypto/cmp
parentaeadd2981b214d5e2a8f578179c17b0dccc77042 (diff)
CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18929)
Diffstat (limited to 'crypto/cmp')
-rw-r--r--crypto/cmp/cmp_msg.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index bd141b5a7b..c6c75f3bc1 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -253,16 +253,16 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype)
(sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \
|| OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1)
-static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx,
- const X509_NAME *ref_subj,
- int for_KUR)
+static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR,
+ const X509_NAME *ref_subj)
{
if (ctx->subjectName != NULL)
return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName;
-
- if (ref_subj != NULL && (ctx->p10CSR != NULL || for_KUR || !HAS_SAN(ctx)))
+ if (ctx->p10CSR != NULL) /* first default is from any given CSR */
+ return X509_REQ_get_subject_name(ctx->p10CSR);
+ if (for_KUR || !HAS_SAN(ctx))
/*
- * For KUR, copy subject from the reference.
+ * For KUR, copy subject from any reference cert as fallback.
* For IR or CR, do the same only if there is no subjectAltName.
*/
return ref_subj;
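Review bot: The new CSR branch at `if (ctx->p10CSR != NULL)` returns `X509_REQ_get_subject_name(ctx->p10CSR)` without the IS_NULL_DN normalisation that the `ctx->subjectName` branch applies two lines above, so a CSR carrying an empty subject would presumably be handed back as a non-NULL empty name rather than NULL, which is the only asymmetry between the two "explicitly given" sources. If the caller treats NULL as "omit the subject", the branch could read `const X509_NAME *csr_subj = X509_REQ_get_subject_name(ctx->p10CSR); return IS_NULL_DN(csr_subj) ? NULL : csr_subj;`; otherwise a short comment that a CSR subject is taken verbatim, empty or not, would settle the intent. The `if (for_KUR || !HAS_SAN(ctx))` statement keeps the pre-existing shape of a block comment between the condition and an unbraced `return ref_subj;`, which the project's style would be better served by bracing. determine_subj's body continues past the end of the hunk.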
@@ -277,9 +277,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;
const X509_NAME *ref_subj =
- ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR) :
refcert != NULL ? X509_get_subject_name(refcert) : NULL;
- const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR);
+ const X509_NAME *subject = determine_subj(ctx, for_KUR, ref_subj);
const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL
? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer)
: X509_get_issuer_name(refcert);