
apps/cmp.c: Check self-signature on CSR input and warn on failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)
master
Dr. David von Oheimb 1 year ago
committed by Dr. David von Oheimb
parent
commit
6b63b7b61e
1 changed files with 8 additions and 0 deletions
  1. +8
    -0
      apps/cmp.c

+ 8
- 0
apps/cmp.c

@ -673,6 +673,14 @@ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc)
ERR_print_errors(bio_err);
BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc,
infile);
} else {
EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr);
int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */);
if (pkey == NULL || ret < 0)
CMP_warn("error while verifying CSR self-signature");
else if (ret == 0)
CMP_warn("CSR self-signature does not match the contents");
}
return csr;
}
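Review bot: In the new `else` branch, `do_X509_REQ_verify()` is called before `pkey` is tested for NULL, so a CSR whose public key cannot be obtained is still handed to the verifier with a NULL key and the result depends on how the callee treats that. Testing first keeps the failure path explicit: `int ret = pkey == NULL ? -1 : do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */);` followed by `if (ret < 0)`. Both warning paths also appear to leave any verification errors on the OpenSSL error queue, unlike the load-failure branch above, which calls `ERR_print_errors(bio_err)`; printing or clearing them here would keep them from surfacing in a later, unrelated message. Because the CSR is still returned when the self-signature check fails, a short comment stating that the check is advisory and that callers receive an unverified CSR would help the next reader. The start of `load_csr_autofmt` lies outside the hunk.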

