ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
authorRichard Levitte <levitte@openssl.org>
Sat, 17 Mar 2018 11:30:47 +0000 (12:30 +0100)
committerRichard Levitte <levitte@openssl.org>
Sat, 17 Mar 2018 13:47:41 +0000 (14:47 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5653)

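--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -678,7 +678,8 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
     }
 
     certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
-    if (ctx->ess_cert_id_digest == EVP_sha1()) {
+    if (ctx->ess_cert_id_digest == NULL
+        || ctx->ess_cert_id_digest == EVP_sha1()) {
         if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
             goto err;
 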
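Review bot: The new `ctx->ess_cert_id_digest == NULL` arm makes an unconfigured digest silently select the SHA-1 based signing-certificate path, and nothing at the condition records that this default is intentional. A comment above the `if`, such as `/* No ESS digest configured: fall back to the SHA-1 (v1) signing certificate */`, would make the choice visible to anyone auditing which hash protects the signer certificate binding. The second arm still tests pointer identity against `EVP_sha1()`, so a SHA-1 `EVP_MD` that is not that exact object (presumably possible with an engine-supplied method) would fall through to the other branch; `EVP_MD_type(ctx->ess_cert_id_digest) == NID_sha1` would be sturdier. The body of ts_RESP_sign starts and ends outside the hunk, so the else branch and the `err` cleanup are not visible here.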