diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-07-06 12:28:22 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-09-20 20:59:50 +0200 |
commit | 200d844782956b4c6db9bdd92a53113d9c2dc3c7 (patch) | |
tree | 4243506395c1ceba9fc91335c916e02e64650c3a /apps/cmp.c | |
parent | 51024f75591d00a52dd867906a763b4e2107e288 (diff) | |
download | openssl-new-200d844782956b4c6db9bdd92a53113d9c2dc3c7.tar.gz |
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
Diffstat (limited to 'apps/cmp.c')
-rw-r--r-- | apps/cmp.c | 31 |
1 files changed, 2 insertions, 29 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index ccfd7fcc23..bac54f1265 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -691,34 +691,6 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) return cert; } -static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) -{ - X509_REQ *csr; - BIO *bio_bak = bio_err; - - bio_err = NULL; /* do not show errors on more than one try */ - csr = load_csr(infile, FORMAT_PEM, desc); - bio_err = bio_bak; - if (csr == NULL) { - ERR_clear_error(); - csr = load_csr(infile, FORMAT_ASN1, desc); - } - if (csr == NULL) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc, - infile); - } else { - EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr); - int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */); - - if (pkey == NULL || ret < 0) - CMP_warn("error while verifying CSR self-signature"); - else if (ret == 0) - CMP_warn("CSR self-signature does not match the contents"); - } - return csr; -} - /* set expected hostname/IP addr and clears the email addr in the given ts */ static int truststore_set_host_etc(X509_STORE *ts, const char *host) { @@ -1641,7 +1613,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_cmd == CMP_GENM) { CMP_warn("-csr option is ignored for command 'genm'"); } else { - if ((csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR")) == NULL) + csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, "PKCS#10 CSR"); + if (csr == NULL) return 0; if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) goto oom; |