apps/ca.c: Make sure ext_ctx structure gets initialized

Fixes #14175 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14181)
2024-11-27 05:21:51 +08:00 · 2021-02-14 20:12:38 +01:00 · 2021-02-14 20:12:38 +01:00 · d44a8a16c8
commit d44a8a16c8
parent fe75766c9c
1 changed files with 7 additions and 4 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -863,6 +863,7 @@ end_of_options:
            if (extensions != NULL) {
                /* Check syntax of config file section */
                X509V3_CTX ctx;
+
                X509V3_set_ctx_test(&ctx);
                X509V3_set_nconf(&ctx, conf);
                if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
@ -1141,6 +1142,7 @@ end_of_options:
        if (crl_ext != NULL) {
            /* Check syntax of file */
            X509V3_CTX ctx;
+
            X509V3_set_ctx_test(&ctx);
            X509V3_set_nconf(&ctx, conf);
            if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
@ -1230,6 +1232,7 @@ end_of_options:

        if (crl_ext != NULL || crlnumberfile != NULL) {
            X509V3_CTX crlctx;
+
            X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
            X509V3_set_nconf(&crlctx, conf);

@ -1697,12 +1700,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
    if (!i)
        goto end;

+    /* Initialize the context structure */
+    X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
+                   ret, req, NULL, X509V3_CTX_REPLACE);
+
    /* Lets add the extensions, if there are any */
    if (ext_sect) {
-        /* Initialize the context structure */
-        X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
-                       ret, req, NULL, X509V3_CTX_REPLACE);
-
        if (extfile_conf != NULL) {
            if (verbose)
                BIO_printf(bio_err, "Extra configuration file found\n");