diff options
| author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2023-04-21 11:06:21 +0800 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-05-03 09:48:17 +0200 |
| commit | a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (patch) | |
| tree | 1fd68e3591800af1a7ee2038886ea38c8770fdac /apps/cmp.c | |
| parent | a8eb81ccd2d3daeb92c0842a02dc688eae298250 (diff) | |
| download | openssl-new-a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d.tar.gz | |
apps: silent warning when loading CSR files with vfyopt option
When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
Diffstat (limited to 'apps/cmp.c')
| -rw-r--r-- | apps/cmp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 84c5d89d7a..6cd3d7e7c0 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1643,7 +1643,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_cmd == CMP_GENM) { CMP_warn("-csr option is ignored for command 'genm'"); } else { - csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, "PKCS#10 CSR"); + csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, NULL, "PKCS#10 CSR"); if (csr == NULL) return 0; if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) |