APPS/ca: remove spurious errors when certain config file entries are not provided

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)

diff --git a/apps/ca.c b/apps/ca.c
index 5952e3320f74851cf96c94e7d8390a3293469802..91ce4e88ab8952f1dec00d0aea8ff142c31bd9f3 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -537,7 +537,6 @@ end_of_options:
     f = NCONF_get_string(conf, section, STRING_MASK);
     if (f == NULL)
         ERR_clear_error();
-
     if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) {
         BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
         goto end;
@@ -631,7 +630,8 @@ end_of_options:
         msie_hack = 1;
 
     f = NCONF_get_string(conf, section, ENV_NAMEOPT);
-
+    if (f == NULL)
+        ERR_clear_error();
     if (f != NULL) {
         if (!set_nameopt(f)) {
             BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
@@ -641,7 +641,6 @@ end_of_options:
     }
 
     f = NCONF_get_string(conf, section, ENV_CERTOPT);
-
     if (f != NULL) {
         if (!set_cert_ex(&certopt, f)) {
             BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
@@ -653,7 +652,6 @@ end_of_options:
     }
 
     f = NCONF_get_string(conf, section, ENV_EXTCOPY);
-
     if (f != NULL) {
         if (!set_ext_copy(&ext_copy, f)) {
             BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
@@ -789,8 +787,10 @@ end_of_options:
         /* We can have sections in the ext file */
         if (extensions == NULL) {
             extensions = NCONF_get_string(extfile_conf, "default", "extensions");
-            if (extensions == NULL)
+            if (extensions == NULL) {
+                ERR_clear_error();
                 extensions = "default";
+            }
         }
     }
 
@@ -828,6 +828,8 @@ end_of_options:
             char *tmp_email_dn = NULL;
 
             tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
+            if (tmp_email_dn == NULL)
+                ERR_clear_error();
             if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
                 email_dn = 0;
         }
@@ -843,6 +845,7 @@ end_of_options:
         if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) {
             rand_ser = 1;
         } else {
+            ERR_clear_error();
             serialfile = lookup_conf(conf, section, ENV_SERIAL);
             if (serialfile == NULL)
                 goto end;
@@ -912,8 +915,10 @@ end_of_options:
         }
 
         if (days == 0) {
-            if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+            if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) {
+                ERR_clear_error();
                 days = 0;
+            }
         }
         if (enddate == NULL && days == 0) {
             BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
@@ -1165,22 +1170,28 @@ end_of_options:
             }
         }
 
-        if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
-            != NULL)
+        crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER);
+        if (crlnumberfile != NULL) {
             if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
                 == NULL) {
                 BIO_printf(bio_err, "error while loading CRL number\n");
                 goto end;
             }
+        } else {
+            ERR_clear_error();
+        }
 
         if (!crldays && !crlhours && !crlsec) {
             if (!NCONF_get_number(conf, section,
-                                  ENV_DEFAULT_CRL_DAYS, &crldays))
+                                  ENV_DEFAULT_CRL_DAYS, &crldays)) {
+                ERR_clear_error();
                 crldays = 0;
+            }
             if (!NCONF_get_number(conf, section,
-                                  ENV_DEFAULT_CRL_HOURS, &crlhours))
+                                  ENV_DEFAULT_CRL_HOURS, &crlhours)) {
+                ERR_clear_error();
                 crlhours = 0;
-            ERR_clear_error();
+            }
         }
         if ((crl_nextupdate == NULL) &&
                 (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {