root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

apps/x509.c: re-add ERR queue printing on errors
GitHub CI / check_update (push) Waiting to run Details
GitHub CI / check_docs (push) Waiting to run Details
GitHub CI / check-c99 (push) Waiting to run Details
GitHub CI / basic_gcc (push) Waiting to run Details
GitHub CI / basic_clang (push) Waiting to run Details
GitHub CI / linux-arm64 (push) Waiting to run Details
GitHub CI / freebsd-x86_64 (push) Waiting to run Details
GitHub CI / minimal (push) Waiting to run Details
GitHub CI / no-deprecated (push) Waiting to run Details
GitHub CI / no-shared-ubuntu (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details
GitHub CI / non-caching (push) Waiting to run Details
GitHub CI / address_ub_sanitizer (push) Waiting to run Details
GitHub CI / fuzz_tests (push) Waiting to run Details
GitHub CI / memory_sanitizer (push) Waiting to run Details
GitHub CI / threads_sanitizer (push) Waiting to run Details
GitHub CI / enable_non-default_options (push) Waiting to run Details
GitHub CI / full_featured (push) Waiting to run Details
GitHub CI / no-legacy (push) Waiting to run Details
GitHub CI / legacy (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details
GitHub CI / external-tests-misc (push) Waiting to run Details
GitHub CI / external-tests-oqs-provider (push) Waiting to run Details
GitHub CI / external-tests-pkcs11-provider (push) Waiting to run Details
GitHub CI / external-tests-pyca (3.9) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details
Trigger docs.openssl.org deployment / trigger (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details
CIFuzz / Fuzzing (push) Waiting to run Details
Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details
Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details
Run-checker CI / run-checker (no-cms) (push) Waiting to run Details
Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details
Run-checker CI / run-checker (no-dh) (push) Waiting to run Details
Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details
Run-checker CI / run-checker (no-ec) (push) Waiting to run Details
Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details
Run-checker CI / run-checker (no-http) (push) Waiting to run Details
Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details
Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details
Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details
Run-checker CI / run-checker (no-quic) (push) Waiting to run Details
Run-checker CI / run-checker (no-sock) (push) Waiting to run Details
Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details
Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details
Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-threads) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details
Run-checker CI / run-checker (no-ui) (push) Waiting to run Details
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details
Run-checker merge / run-checker (no-dso) (push) Waiting to run Details
Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details
Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details
Run-checker merge / run-checker (no-err) (push) Waiting to run Details
Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (no-module) (push) Waiting to run Details
Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details
Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details
Run-checker merge / run-checker (no-srp) (push) Waiting to run Details
Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details
Run-checker merge / run-checker (no-ts) (push) Waiting to run Details
Run-checker merge / jitter (push) Waiting to run Details
Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Waiting to run Details
Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details
Windows GitHub CI / minimal (windows-2022) (push) Waiting to run Details
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details
Windows Compression GitHub CI / zstd (push) Has been cancelled Details
Windows Compression GitHub CI / brotli (push) Has been cancelled Details 

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27739)
This commit is contained in:
Dr. David von Oheimb 2025-06-01 16:35:31 +02:00 committed by Tomas Mraz
parent 287bbb28b0
commit ac85974bc3
1 changed files with 36 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
apps/x509.c
View File

@ -449,26 +449,26 @@ int x509_main(int argc, char **argv)
break;
case OPT_ADDTRUST:
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
prog, opt_arg());
goto opthelp;
}
if (!sk_ASN1_OBJECT_push(trust, objtmp))
goto end;
goto err;
trustout = 1;
break;
case OPT_ADDREJECT:
if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
prog, opt_arg());
goto opthelp;
}
if (!sk_ASN1_OBJECT_push(reject, objtmp))
goto end;
goto err;
trustout = 1;
break;
case OPT_SETALIAS:
@ -623,7 +623,7 @@ int x509_main(int argc, char **argv)
goto opthelp;
if (!app_RAND_load())
goto end;
goto err;
if (!opt_check_md(digest))
goto opthelp;
@ -652,7 +652,7 @@ int x509_main(int argc, char **argv)
if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
app_get0_propq()))
goto end;
goto err;
if (newcert && infile != NULL) {
BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@ -665,12 +665,12 @@ int x509_main(int argc, char **argv)
if (privkeyfile != NULL) {
privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
if (privkey == NULL)
goto end;
goto err;
}
if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
"explicitly set public key")) == NULL)
goto end;
goto err;
}
if (newcert) {
@ -687,10 +687,10 @@ int x509_main(int argc, char **argv)
}
if (issu != NULL
&& (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL)
goto end;
goto err;
if (subj != NULL
&& (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
goto end;
goto err;
if (CAkeyfile == NULL)
CAkeyfile = CAfile;
@ -722,7 +722,7 @@ int x509_main(int argc, char **argv)
X509V3_CTX ctx2;
if ((extconf = app_load_config(extfile)) == NULL)
goto end;
goto err;
if (extsect == NULL) {
extsect = app_conf_try_string(extconf, "default", "extensions");
if (extsect == NULL)
@ -749,7 +749,7 @@ int x509_main(int argc, char **argv)
req = load_csr_autofmt(infile, informat, vfyopts,
"certificate request input");
if (req == NULL)
goto end;
goto err;
if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@ -780,11 +780,11 @@ int x509_main(int argc, char **argv)
goto err;
}
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
goto err;
if (CAfile == NULL && sno == NULL) {
sno = ASN1_INTEGER_new();
if (sno == NULL || !rand_serial(NULL, sno))
goto end;
goto err;
}
if (req != NULL && ext_copy != EXT_COPY_UNSET) {
if (clrext && ext_copy != EXT_COPY_NONE) {
@ -802,21 +802,21 @@ int x509_main(int argc, char **argv)
if (multi) {
certs = sk_X509_new_null();
if (certs == NULL)
goto end;
goto err;
if (!load_certs(infile, 1, &certs, passin, NULL))
goto end;
goto err;
if (sk_X509_num(certs) <= 0)
goto end;
goto err;
} else {
x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL)
goto end;
goto err;
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
goto err;
cert_loop:
if (multi)
@ -825,17 +825,17 @@ int x509_main(int argc, char **argv)
if ((fsubj != NULL || req != NULL)
&& !X509_set_subject_name(x, fsubj != NULL ? fsubj :
X509_REQ_get_subject_name(req)))
goto end;
goto err;
if ((pubkey != NULL || privkey != NULL || req != NULL)
&& !X509_set_pubkey(x, pubkey != NULL ? pubkey :
privkey != NULL ? privkey :
X509_REQ_get0_pubkey(req)))
goto end;
goto err;
if (CAfile != NULL) {
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL)
goto end;
goto err;
}
if (alias)
@ -872,9 +872,9 @@ int x509_main(int argc, char **argv)
if (sno == NULL)
sno = x509_load_serial(CAfile, CAserial, CA_createserial);
if (sno == NULL)
goto end;
goto err;
if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
goto end;
goto err;
} else {
if (privkey != NULL && !cert_matches_key(x, privkey))
BIO_printf(bio_err,
@ -882,17 +882,17 @@ int x509_main(int argc, char **argv)
}
if (sno != NULL && !X509_set_serialNumber(x, sno))
goto end;
goto err;
if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
if (!preserve_dates && !set_cert_times(x, not_before, not_after, days, 1))
goto end;
goto err;
if (fissu != NULL) {
if (!X509_set_issuer_name(x, fissu))
goto end;
goto err;
} else {
if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
goto end;
goto err;
}
}
@ -900,7 +900,7 @@ int x509_main(int argc, char **argv)
/* prepare fallback for AKID, but only if issuer cert equals subject cert */
if (CAfile == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
goto end;
goto err;
}
if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf);
@ -929,7 +929,7 @@ int x509_main(int argc, char **argv)
goto err;
}
if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
goto end;
goto err;
if (extconf != NULL) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@ -939,7 +939,7 @@ int x509_main(int argc, char **argv)
}
}
if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
goto end;
goto err;
if (!noout) {
if (outformat == FORMAT_ASN1) {
X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@ -957,7 +957,7 @@ int x509_main(int argc, char **argv)
} else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA private key")) == NULL)
goto end;
goto err;
if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err,
"CA certificate and CA private key do not match\n");
@ -965,10 +965,10 @@ int x509_main(int argc, char **argv)
}
if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
goto end;
goto err;
} else if (privkey != NULL) {
if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
goto end;
goto err;
}
if (badsig) {
const ASN1_BIT_STRING *signature;
@ -992,11 +992,11 @@ int x509_main(int argc, char **argv)
BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
if (bnser == NULL)
goto end;
goto err;
if (!BN_add_word(bnser, 1)
|| (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
BN_free(bnser);
goto end;
goto err;
}
BN_free(bnser);
i2a_ASN1_INTEGER(out, ser);