From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Tue, 30 May 2023 19:09:26 +0000 (+0200)
Subject: apps.c: add comment to do_X509_sign() referring to question #19805
X-Git-Tag: openssl-3.2.0-alpha1~714
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=586b5407d6138ce23416d4101168ab0c2b1651b6;p=thirdparty%2Fopenssl.git

apps.c: add comment to do_X509_sign() referring to question #19805

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
---

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 79980257bde..4f92016ee2f 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2349,6 +2349,7 @@ int do_X509_sign(X509 *cert, int force_v1, EVP_PKEY *pkey, const char *md,
                              "keyid, issuer", !self_sign))
             goto end;
     }
+    /* May add further measures for ensuring RFC 5280 compliance, see #19805 */
 
     if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
         rv = (X509_sign_ctx(cert, mctx) > 0);