From: Dr. David von Oheimb Date: Mon, 15 May 2023 17:59:16 +0000 (+0200) Subject: APPS/ca: remove spurious errors when certain config file entries are not provided X-Git-Tag: openssl-3.2.0-alpha1~753 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8aec16383c7a9aec76b28e6eb95d36bef6f7e56;p=thirdparty%2Fopenssl.git APPS/ca: remove spurious errors when certain config file entries are not provided Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/20971) --- diff --git a/apps/ca.c b/apps/ca.c index 5952e3320f7..91ce4e88ab8 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -537,7 +537,6 @@ end_of_options: f = NCONF_get_string(conf, section, STRING_MASK); if (f == NULL) ERR_clear_error(); - if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) { BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); goto end; @@ -631,7 +630,8 @@ end_of_options: msie_hack = 1; f = NCONF_get_string(conf, section, ENV_NAMEOPT); - + if (f == NULL) + ERR_clear_error(); if (f != NULL) { if (!set_nameopt(f)) { BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); @@ -641,7 +641,6 @@ end_of_options: } f = NCONF_get_string(conf, section, ENV_CERTOPT); - if (f != NULL) { if (!set_cert_ex(&certopt, f)) { BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); @@ -653,7 +652,6 @@ end_of_options: } f = NCONF_get_string(conf, section, ENV_EXTCOPY); - if (f != NULL) { if (!set_ext_copy(&ext_copy, f)) { BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); @@ -789,8 +787,10 @@ end_of_options: /* We can have sections in the ext file */ if (extensions == NULL) { extensions = NCONF_get_string(extfile_conf, "default", "extensions"); - if (extensions == NULL) + if (extensions == NULL) { + ERR_clear_error(); extensions = "default"; + } } } @@ -828,6 +828,8 @@ end_of_options: char *tmp_email_dn = NULL; tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN); + if (tmp_email_dn == NULL) + ERR_clear_error(); if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0) email_dn = 0; } @@ -843,6 +845,7 @@ end_of_options: if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) { rand_ser = 1; } else { + ERR_clear_error(); serialfile = lookup_conf(conf, section, ENV_SERIAL); if (serialfile == NULL) goto end; @@ -912,8 +915,10 @@ end_of_options: } if (days == 0) { - if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) + if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) { + ERR_clear_error(); days = 0; + } } if (enddate == NULL && days == 0) { BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); @@ -1165,22 +1170,28 @@ end_of_options: } } - if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) - != NULL) + crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER); + if (crlnumberfile != NULL) { if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) == NULL) { BIO_printf(bio_err, "error while loading CRL number\n"); goto end; } + } else { + ERR_clear_error(); + } if (!crldays && !crlhours && !crlsec) { if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_DAYS, &crldays)) + ENV_DEFAULT_CRL_DAYS, &crldays)) { + ERR_clear_error(); crldays = 0; + } if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_HOURS, &crlhours)) + ENV_DEFAULT_CRL_HOURS, &crlhours)) { + ERR_clear_error(); crlhours = 0; - ERR_clear_error(); + } } if ((crl_nextupdate == NULL) && (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {