STACK_OF(GENERAL_NAME) *fnm = NULL;
STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+ if (cnf->value == NULL) {
+ ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE);
+ goto err;
+ }
+
if (HAS_PREFIX(cnf->name, "fullname")) {
fnm = gnames_from_sectname(ctx, cnf->value);
if (!fnm)
}
if (strcmp(cnf->name, "signTool") == 0) {
ist->signTool = ASN1_UTF8STRING_new();
- if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
+ if (ist->signTool == NULL
+ || cnf->value == NULL
+ || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
goto err;
}
} else if (strcmp(cnf->name, "cATool") == 0) {
ist->cATool = ASN1_UTF8STRING_new();
- if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
+ if (ist->cATool == NULL
+ || cnf->value == NULL
+ || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
goto err;
}
} else if (strcmp(cnf->name, "signToolCert") == 0) {
ist->signToolCert = ASN1_UTF8STRING_new();
- if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
+ if (ist->signToolCert == NULL
+ || cnf->value == NULL
+ || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
goto err;
}
} else if (strcmp(cnf->name, "cAToolCert") == 0) {
ist->cAToolCert = ASN1_UTF8STRING_new();
- if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
+ if (ist->cAToolCert == NULL
+ || cnf->value == NULL
+ || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
goto err;
}
setup("test_x509");
-plan tests => 43;
+plan tests => 44;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
# verify issuer is CA
ok (get_issuer($a2_cert) =~ /CN=ca.example.com/);
+my $in_csr = srctop_file('test', 'certs', 'x509-check.csr');
+my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem');
+my $invextfile = srctop_file('test', 'invalid-x509.cnf');
+# Test that invalid extensions settings fail
+ok(!run(app(["openssl", "x509", "-req", "-in", $in_csr, "-signkey", $in_key,
+ "-out", "/dev/null", "-days", "3650" , "-extensions", "ext",
+ "-extfile", $invextfile])));
+
# Tests for issue #16080 (fixed in 1.1.1o)
my $b_key = "b-key.pem";
my $b_csr = "b-cert.csr";