*/
static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
{
+ X509_REQ *csr = NULL;
+ X509_EXTENSIONS *exts = NULL;
+ X509V3_CTX ext_ctx;
+
if (opt_subject == NULL
&& opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL
&& opt_cmd != CMP_RR && opt_cmd != CMP_GENM)
return 0;
}
+ if (opt_csr != NULL) {
+ if (opt_cmd == CMP_GENM) {
+ CMP_warn("-csr option is ignored for genm command");
+ } else {
+ csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr");
+ if (csr == NULL)
+ return 0;
+ if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) {
+ X509_REQ_free(csr);
+ goto oom;
+ }
+ }
+ }
if (opt_reqexts != NULL || opt_policies != NULL) {
- X509V3_CTX ext_ctx;
- X509_EXTENSIONS *exts = sk_X509_EXTENSION_new_null();
-
- if (exts == NULL)
- return 0;
- X509V3_set_ctx(&ext_ctx, NULL, NULL, NULL, NULL, 0);
+ if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
+ goto exts_err;
+ X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, X509V3_CTX_REPLACE);
X509V3_set_nconf(&ext_ctx, conf);
if (opt_reqexts != NULL
&& !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) {
CMP_err1("cannot load certificate request extension section '%s'",
opt_reqexts);
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- return 0;
+ goto exts_err;
}
if (opt_policies != NULL
&& !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) {
CMP_err1("cannot load policy cert request extension section '%s'",
opt_policies);
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- return 0;
+ goto exts_err;
}
OSSL_CMP_CTX_set0_reqExtensions(ctx, exts);
+ exts = NULL;
}
+ X509_REQ_free(csr);
+ csr = NULL;
if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) {
CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans");
return 0;
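Review bot: The failure branch of `OSSL_CMP_CTX_set1_p10CSR()` calls `X509_REQ_free(csr)` and then jumps to `oom`, which in the last hunk of this patch falls through into the new `exts_err` label, where `X509_REQ_free(csr)` runs a second time. Since `csr` is not reset to NULL in between, that path is a double free of the CSR. The shared cleanup already releases `csr`, so the branch can shrink to `if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr))` followed by `goto oom;`. Any other `goto oom` in the parts of this function not shown here now also passes through that cleanup, which is safe only because `exts = NULL;` and `csr = NULL;` are set after ownership is handed over or released. The name `exts_err` hides that it also frees the CSR, so a comment such as `/* common cleanup, also reached by fall-through from oom */` on the label would help.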
if (opt_popo >= OSSL_CRMF_POPO_NONE)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POPO_METHOD, opt_popo);
- if (opt_csr != NULL) {
- if (opt_cmd == CMP_GENM) {
- CMP_warn("-csr option is ignored for genm command");
- } else {
- X509_REQ *csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr");
-
- if (csr == NULL)
- return 0;
- if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) {
- X509_REQ_free(csr);
- goto oom;
- }
- X509_REQ_free(csr);
- }
- }
-
if (opt_oldcert != NULL) {
if (opt_cmd == CMP_GENM) {
CMP_warn("-oldcert option is ignored for genm command");
oom:
CMP_err("out of memory");
+ exts_err:
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ X509_REQ_free(csr);
return 0;
}