ca.c fix [-noemailDN]

Sat, 27 Oct 2001 08:51:29 -0700 

Hi,

I found 2 bugs in the previous patch, so here them are the fixes against
latest SNAP (20011026).

Poblems:

        1. the dn_subject structure was not freed at the end of
           the do_body function;

        2. the dn_subject was not set (empty) if email_dn was set to 1.
           This caused the entry in the index.txt file to report null DN
           set.

To apply the patchm simply copy it into the openssl/apps dir and do the
following:

        $ patch <ca.c.fix-20011026

This will fix the bugs listed.

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                  [EMAIL PROTECTED]
                                                          [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365
--- ca.c        Thu Oct 25 11:00:26 2001
+++ ca.c.new    Sat Oct 27 18:51:09 2001
@@ -238,7 +238,7 @@
                int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
        unsigned long certopt, unsigned long nameopt, int default_op,
        int ext_copy);
-static X509_NAME *do_subject(char *subject, int email_dn);
+static X509_NAME *do_subject(char *subject);
 static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, TXT_DB *db);
 static int do_updatedb(TXT_DB *db);
@@ -1859,7 +1859,7 @@
 
        if (subj)
                {
-               X509_NAME *n = do_subject(subj, email_dn);
+               X509_NAME *n = do_subject(subj);
 
                if (!n)
                        {
@@ -2071,6 +2071,11 @@
                                }
                        }
                }
+       else
+               {
+                       dn_subject=X509_NAME_dup(subject);
+                       if(dn_subject == NULL) goto err;
+               }
 
        row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
        row[DB_serial]=BN_bn2hex(serial);
@@ -2325,6 +2330,8 @@
 
        if (CAname != NULL)
                X509_NAME_free(CAname);
+       if (dn_subject != NULL)
+               X509_NAME_free(dn_subject);
        if (subject != NULL)
                X509_NAME_free(subject);
        if (tmptm != NULL)
@@ -2992,7 +2999,7 @@
        return ret;
        }
 
-static X509_NAME *do_subject(char *subject, int email_dn)
+static X509_NAME *do_subject(char *subject)
        {
        X509_NAME *n = NULL;
 
@@ -3040,9 +3047,6 @@
                        BIO_printf(bio_err, "No value provided for Subject Attribute 
%s, skipped\n", ne_name);
                        continue;
                        }
-
-               if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
-                       continue;
 
                if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned 
char*)ne_value, -1,-1,0))
                        {

S/MIME Cryptographic Signature

Reply via email to