diff options
author | Viktor Dukhovni <viktor1dane@dukhovni.org> | 2017-12-01 22:13:19 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-16 02:21:10 +0000 |
commit | 4f5830fe24fb69e5f1cc11d5bf9d608c256a4c2a (patch) | |
tree | 466bb67385c1429023ecf233b5c771309c93ef1d | |
parent | 854586e1495b0a0f4be2a561c419ec4671009dbd (diff) |
DANE: fix type-2xx TLSA under older OpenSSL versions Bug 2198
OpenSSL 1.0.1t is known bad. 1.0.2 and 1.1.0 are apparently ok.
-rw-r--r-- | src/src/dane-openssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 33c945d9a..bb3763a48 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -409,7 +409,7 @@ return 0; } static int -set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) +set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); @@ -418,7 +418,7 @@ X509_NAME *name = akid_issuer_name(akid); * must use that. */ return X509_set_issuer_name(cert, - name ? name : X509_get_subject_name(cert)); + name ? name : subj); } static int @@ -500,7 +500,7 @@ akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0); */ if ( !X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !set_issuer_name(cert, akid) + || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) |