From e6c2f96489fc0c006845c8597f8ceed2f01f76ee Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Wed, 31 Mar 2021 15:10:22 +1000
Subject: Fix more certificate related lib_ctx settings.
Fixes #13732
Fix a few places that were not using the '_ex' variants of ASN1_item_sign/verify.
Added X509_CRL_new_ex().
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14752)
---
 apps/ca.c | 2 +-
 apps/ocsp.c | 11 ++++++-----
 apps/req.c | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)
(limited to 'apps')
diff --git a/apps/ca.c b/apps/ca.c
index 9cec43cf8b..268bd76912 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1178,7 +1178,7 @@ end_of_options:
 if (verbose)
 BIO_printf(bio_err, "making CRL\n");
- if ((crl = X509_CRL_new()) == NULL)
+ if ((crl = X509_CRL_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
 goto end;
 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
 goto end;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index cd3a3bd695..7d64ee2d02 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -469,7 +469,8 @@ int ocsp_main(int argc, char **argv)
 case OPT_RSIGOPT:
 if (rsign_sigopts == NULL)
 rsign_sigopts = sk_OPENSSL_STRING_new_null();
- if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg()))
+ if (rsign_sigopts == NULL
+ || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg()))
 goto end;
 break;
 case OPT_HEADER:
@@ -676,8 +677,8 @@ redo_accept:
 if (key == NULL)
 goto end;
- if (!OCSP_request_sign
- (req, signer, key, NULL, sign_other, sign_flags)) {
+ if (!OCSP_request_sign(req, signer, key, NULL,
+ sign_other, sign_flags)) {
 BIO_printf(bio_err, "Error signing OCSP request\n");
 goto end;
 }
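Review bot: The new `X509_CRL_new_ex(app_get0_libctx(), app_get0_propq())` call in apps/ca.c carries no comment saying why the context-aware constructor is required, and the same applies to `X509_REQ_new_ex(...)` in the apps/req.c hunk. Per the commit message the aim is that later ASN1 sign/verify on the object uses the application's library context and property query, so a plain `X509_CRL_new()` reintroduced here would presumably fall back to the default context and ignore a provider or property restriction the user selected. I would add above the call `/* Create with the app libctx/propq so signing and verification of this CRL use the configured providers */`, and the equivalent above the request allocation. Both enclosing functions start and end outside their hunks, so whether the `goto end` path reports the allocation failure cannot be checked from here.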
@@ -696,8 +697,8 @@ redo_accept:
 if (rdb != NULL) {
 make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
- rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig,
- resp_certid_md);
+ rsign_md, rsign_sigopts, rother, rflags, nmin, ndays,
+ badsig, resp_certid_md);
 if (cbio != NULL)
 send_ocsp_response(cbio, resp);
 } else if (host != NULL) {
diff --git a/apps/req.c b/apps/req.c
index 4056b18f51..04774db399 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -802,7 +802,7 @@ int req_main(int argc, char **argv)
 }
 if (req == NULL) {
- req = X509_REQ_new();
+ req = X509_REQ_new_ex(app_get0_libctx(), app_get0_propq());
 if (req == NULL) {
 goto end;
 }
-- cgit v1.2.3