EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- req = load_csr_autofmt(infile, informat, "certificate request");
+ req = load_csr_autofmt(infile, informat, vfyopts, "certificate request");
if (req == NULL)
goto end;
if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
if (opt_cmd == CMP_GENM) {
CMP_warn("-csr option is ignored for command 'genm'");
} else {
- csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, "PKCS#10 CSR");
+ csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, NULL, "PKCS#10 CSR");
if (csr == NULL)
return 0;
if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
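Review bot: The bare `NULL` passed as the new third argument in `load_csr_autofmt(opt_csr, FORMAT_UNDEF, NULL, "PKCS#10 CSR")` does not say what it stands for, and it means the -csr input is checked without any verification options. The line this patch removes from load_csr_autofmt used `NULL /* vfyopts */`, and the same form would fit here: `load_csr_autofmt(opt_csr, FORMAT_UNDEF, NULL /* vfyopts */, "PKCS#10 CSR")`. A CSR that needs such options would presumably only trigger the self-signature warning and still be handed to OSSL_CMP_CTX_set1_p10CSR() on the following lines. The enclosing function starts and ends outside the hunk.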
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509_REQ *load_csr(const char *file, int format, const char *desc);
-X509_REQ *load_csr_autofmt(const char *infile, int format, const char *desc);
+X509_REQ *load_csr_autofmt(const char *infile, int format,
+ STACK_OF(OPENSSL_STRING) *vfyopts, const char *desc);
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc);
# define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)
}
/* Better extend OSSL_STORE to support CSRs, see FR #15725 */
-X509_REQ *load_csr_autofmt(const char *infile, int format, const char *desc)
+X509_REQ *load_csr_autofmt(const char *infile, int format,
+ STACK_OF(OPENSSL_STRING) *vfyopts, const char *desc)
{
X509_REQ *csr;
}
if (csr != NULL) {
EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr);
- int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */);
+ int ret = do_X509_REQ_verify(csr, pkey, vfyopts);
if (pkey == NULL || ret < 0)
- BIO_puts(bio_err, "Warning: error while verifying CSR self-signature");
+ BIO_puts(bio_err, "Warning: error while verifying CSR self-signature\n");
else if (ret == 0)
- BIO_puts(bio_err, "Warning: CSR self-signature does not match the contents");
+ BIO_puts(bio_err, "Warning: CSR self-signature does not match the contents\n");
return csr;
}
return csr;
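Review bot: Both failure branches here (`pkey == NULL || ret < 0` and `ret == 0`) only write a warning to bio_err and then reach `return csr;`, so load_csr_autofmt returns a CSR whose self-signature did not verify and the call sites in this patch cannot tell it from a good one. If that is intended, say so at the check, e.g. `/* advisory only: callers that act on the CSR must verify its self-signature themselves */`; whether the callers do so is not visible here. Separately, do_X509_REQ_verify() is called before `pkey` is tested for NULL; `int ret = pkey == NULL ? -1 : do_X509_REQ_verify(csr, pkey, vfyopts);` would avoid relying on how the helper treats a NULL key. The function body starts and ends outside this hunk.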
BIO_printf(bio_err,
"Warning: Not placing -key in cert or request since request is used\n");
req = load_csr_autofmt(infile /* if NULL, reads from stdin */,
- informat, "X509 request");
+ informat, vfyopts, "X509 request");
if (req == NULL)
goto end;
} else if (infile != NULL) {
if (infile == NULL)
BIO_printf(bio_err,
"Warning: Reading cert request from stdin since no -in option is given\n");
- req = load_csr_autofmt(infile, informat, "certificate request input");
+ req = load_csr_autofmt(infile, informat, vfyopts,
+ "certificate request input");
if (req == NULL)
goto end;