Make OCSP cert id code tolerate a missing issuer certificate

or serial number.
author: Dr. Stephen Henson <steve@openssl.org> 2001-02-23 13:04:24 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2001-02-23 13:04:24 +0000
commit: d7c06e9ec74ef7e71d36b0ffdf95167e67804f1f (patch)
tree: 0622733f2fe3f9852fc73a1d951c34ef34ed2d9b /crypto/ocsp
parent: 386828d02913b26918ac2883623e3f66103a120d (diff)
1 files changed, 16 insertions, 5 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 4cdc5f0111..0ddf1b2906 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -80,8 +80,16 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 #ifndef OPENSSL_NO_SHA1
 	if(!dgst) dgst = EVP_sha1();
 #endif
-	iname = X509_get_issuer_name(subject);
-	serial = X509_get_serialNumber(subject);
+	if (subject)
+		{
+		iname = X509_get_issuer_name(subject);
+		serial = X509_get_serialNumber(subject);
+		}
+	else
+		{
+		iname = X509_get_subject_name(issuer);
+		serial = NULL;
+		}
 	ikey = X509_get0_pubkey_bitstr(issuer);
 	return OCSP_cert_id_new(dgst, iname, ikey, serial);
 }
@@ -118,9 +126,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst);
 
 	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-	
-	if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber);
-	if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+
+	if (serialNumber)
+		{
+		ASN1_INTEGER_free(cid->serialNumber);
+		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+		}
 	return cid;
 digerr:
 	OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
author	Dr. Stephen Henson <steve@openssl.org>	2001-02-23 13:04:24 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2001-02-23 13:04:24 +0000
commit	d7c06e9ec74ef7e71d36b0ffdf95167e67804f1f (patch)
tree	0622733f2fe3f9852fc73a1d951c34ef34ed2d9b /crypto/ocsp
parent	386828d02913b26918ac2883623e3f66103a120d (diff)