Reencode certificates in X509_sign_ctx.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 2 May 2013 11:18:46 +0000 (12:18 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 2 May 2013 11:19:40 +0000 (12:19 +0100)
Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.

crypto/x509/x_all.c

index bb64c34..51d23f7 100644 (file)
@@ -98,6 +98,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
        {
+       x->cert_info->enc.modified = 1;
        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                x->cert_info->signature,
                x->sig_alg, x->signature, x->cert_info, ctx);