root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

PKCS12_parse(): Fix reversed order of certs parsed and output via *ca 

Fixes #6698

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12641)
This commit is contained in:
Dr. David von Oheimb 2020-08-12 18:06:00 +02:00
parent 9a30f40c57
commit fc0aae737e
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES.md
View File

@ -1172,6 +1172,11 @@ OpenSSL 3.0
*Martin Elshuber*
* `PKCS12_parse` now maintains the order of the parsed certificates
when outputting them via `*ca` (rather than reversing it).
*David von Oheimb*
OpenSSL 1.1.1
-------------

2
crypto/pkcs12/p12_kiss.c
View File

@ -89,7 +89,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
}
while ((x = sk_X509_pop(ocerts))) {
while ((x = sk_X509_shift(ocerts))) {
if (pkey != NULL && *pkey != NULL
&& cert != NULL && *cert == NULL) {
ERR_set_mark();