In the sign() function in apps/x509.c there is code that is supposed to copy the parameters from the supplied key to the certificate. Unfortunately this code crashes if the key in the input certificate is unrecognized or the X509_get_pubkey() call fails for another reason.
So at least the X509_get_pubkey() should be tested for NULL return. But given the X509_set_pubkey() call later in the function - does it really make sense to copy the parameters when they are overwritten anyway? I suppose the code could be dropped altogether. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org