forked from wolfSSL/wolfssl
Fix for setting wrong version in CSRs.
This commit is contained in:
Anthony Hu
23
src/x509.c
23
src/x509.c
@@ -7067,8 +7067,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* print version of cert */
|
/* print version of cert. Note that we increment by 1 because for REQs,
|
||||||
if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
|
* the value stored in x509->version is the actual value of the field; not
|
||||||
|
* the version. */
|
||||||
|
if (X509PrintVersion(bio, wolfSSL_X509_REQ_get_version(x509) + 1, 8)
|
||||||
!= WOLFSSL_SUCCESS) {
|
!= WOLFSSL_SUCCESS) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
@@ -14840,6 +14842,23 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
|
|||||||
wolfSSL_X509_free(req);
|
wolfSSL_X509_free(req);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version) {
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version");
|
||||||
|
if ((x == NULL) || (version < 0) || (version >= INT_MAX)) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
x->version = (int)version;
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req) {
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version");
|
||||||
|
if (req == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
return (long)req->version;
|
||||||
|
}
|
||||||
|
|
||||||
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
||||||
const WOLFSSL_EVP_MD *md)
|
const WOLFSSL_EVP_MD *md)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -509,7 +509,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||||||
#define X509_set1_notBefore wolfSSL_X509_set1_notBefore
|
#define X509_set1_notBefore wolfSSL_X509_set1_notBefore
|
||||||
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
|
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
|
||||||
#define X509_set_version wolfSSL_X509_set_version
|
#define X509_set_version wolfSSL_X509_set_version
|
||||||
#define X509_REQ_set_version wolfSSL_X509_set_version
|
#define X509_REQ_set_version wolfSSL_X509_REQ_set_version
|
||||||
|
#define X509_REQ_get_version wolfSSL_X509_REQ_get_version
|
||||||
#define X509_sign wolfSSL_X509_sign
|
#define X509_sign wolfSSL_X509_sign
|
||||||
#define X509_sign_ctx wolfSSL_X509_sign_ctx
|
#define X509_sign_ctx wolfSSL_X509_sign_ctx
|
||||||
#define X509_print wolfSSL_X509_print
|
#define X509_print wolfSSL_X509_print
|
||||||
|
|||||||
@@ -4815,6 +4815,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
|
|||||||
WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
|
WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
|
||||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
|
||||||
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
|
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
|
||||||
|
WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version);
|
||||||
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
||||||
const WOLFSSL_EVP_MD *md);
|
const WOLFSSL_EVP_MD *md);
|
||||||
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
|
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
|
||||||
|
|||||||
Reference in New Issue
Block a user