diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-01 20:34:19 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-08-24 11:29:40 +0200 |
commit | 7af110f9f5fb9b039cc09b63768a0b989a7bf5ad (patch) | |
tree | 3d5ee51498f2e93b4cc7b040a3540930e969abdb /crypto | |
parent | aeadd2981b214d5e2a8f578179c17b0dccc77042 (diff) | |
download | openssl-7af110f9f5fb9b039cc09b63768a0b989a7bf5ad.tar.gz |
CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmp/cmp_msg.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index bd141b5a7b..c6c75f3bc1 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -253,16 +253,16 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) -static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, - const X509_NAME *ref_subj, - int for_KUR) +static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR, + const X509_NAME *ref_subj) { if (ctx->subjectName != NULL) return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; - - if (ref_subj != NULL && (ctx->p10CSR != NULL || for_KUR || !HAS_SAN(ctx))) + if (ctx->p10CSR != NULL) /* first default is from any given CSR */ + return X509_REQ_get_subject_name(ctx->p10CSR); + if (for_KUR || !HAS_SAN(ctx)) /* - * For KUR, copy subject from the reference. + * For KUR, copy subject from any reference cert as fallback. * For IR or CR, do the same only if there is no subjectAltName. */ return ref_subj; @@ -277,9 +277,8 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; const X509_NAME *ref_subj = - ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR) : refcert != NULL ? X509_get_subject_name(refcert) : NULL; - const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR); + const X509_NAME *subject = determine_subj(ctx, for_KUR, ref_subj); const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer) : X509_get_issuer_name(refcert); |