diff options
author | David Benjamin <davidben@google.com> | 2021-03-11 14:43:04 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-28 11:40:06 +0200 |
commit | cdf63a3736a91a534bd3bc952b1dc3ef714604dd (patch) | |
tree | f1c2986418c09bd6a8933d024475ede09f44c687 /apps | |
parent | d97adfda2868aeb9e62df96216203e8120a95d6d (diff) | |
download | openssl-cdf63a3736a91a534bd3bc952b1dc3ef714604dd.tar.gz |
Add X509 version constants.
The X509 version APIs return the numerical values of the version
numbers, which are one off from the names. This is a bit confusing.
Where they don't get it wrong (accidentally making an "X509v4"
certificate), callers tend to try commenting every call site to explain
the mismatch, including in OpenSSL itself.
Define constants for these values, so code can be self-documenting and
callers are nudged towards the right values.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14549)
Diffstat (limited to 'apps')
-rwxr-xr-x | apps/ca.c | 4 | ||||
-rw-r--r-- | apps/lib/apps.c | 2 | ||||
-rw-r--r-- | apps/req.c | 3 |
3 files changed, 5 insertions, 4 deletions
@@ -1255,8 +1255,8 @@ end_of_options: } } if (crl_ext != NULL || crl_v2) { - if (!X509_CRL_set_version(crl, 1)) - goto end; /* version 2 CRL */ + if (!X509_CRL_set_version(crl, X509_CRL_VERSION_2)) + goto end; } /* we have a CRL number that need updating */ diff --git a/apps/lib/apps.c b/apps/lib/apps.c index e39e7cd061..4b7b38cf5c 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2209,7 +2209,7 @@ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const EVP_MD *md, if (sk_X509_EXTENSION_num(exts /* may be NULL */) > 0) { /* Prevent X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 */ - if (!X509_set_version(cert, 2)) /* Make sure cert is X509 v3 */ + if (!X509_set_version(cert, X509_VERSION_3)) goto end; /* diff --git a/apps/req.c b/apps/req.c index 89bde55b93..0a524118f0 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1117,7 +1117,8 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, } } - if (!X509_REQ_set_version(req, 0L)) /* so far there is only version 1 */ + /* so far there is only version 1 */ + if (!X509_REQ_set_version(req, X509_REQ_VERSION_1)) goto err; if (fsubj != NULL) |