From: Dr. David von Oheimb Date: Sun, 14 Feb 2021 19:12:38 +0000 (+0100) Subject: apps/ca.c: Make sure ext_ctx structure gets initialized X-Git-Tag: openssl-3.0.0-alpha12~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d44a8a16c8a2851af7f70575ff3dd23cc06f30e1;p=thirdparty%2Fopenssl.git apps/ca.c: Make sure ext_ctx structure gets initialized Fixes #14175 Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14181) --- diff --git a/apps/ca.c b/apps/ca.c index 29f62f86f25..dbb4d15eb8e 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -863,6 +863,7 @@ end_of_options: if (extensions != NULL) { /* Check syntax of config file section */ X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) { @@ -1141,6 +1142,7 @@ end_of_options: if (crl_ext != NULL) { /* Check syntax of file */ X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) { @@ -1230,6 +1232,7 @@ end_of_options: if (crl_ext != NULL || crlnumberfile != NULL) { X509V3_CTX crlctx; + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); @@ -1697,12 +1700,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (!i) goto end; + /* Initialize the context structure */ + X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509, + ret, req, NULL, X509V3_CTX_REPLACE); + /* Lets add the extensions, if there are any */ if (ext_sect) { - /* Initialize the context structure */ - X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509, - ret, req, NULL, X509V3_CTX_REPLACE); - if (extfile_conf != NULL) { if (verbose) BIO_printf(bio_err, "Extra configuration file found\n");