mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow an empty Subject when creating a Certificate

Browse Source 
Misconfiguration (e.g. an empty policy section in the config file) can
lead to an empty Subject. Since certificates should have unique Subjects
this should not be allowed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5114)
This commit is contained in:
Matt Caswell 2018-01-19 14:34:56 +00:00
parent 154d8c132f
commit e505f1e868
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/ca.c
View File

@ -1403,6 +1403,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
name = X509_REQ_get_subject_name(req);
if (X509_NAME_entry_count(name) == 0) {
BIO_printf(bio_err, "Error: The supplied Subject is empty\n");
goto end;
}
for (i = 0; i < X509_NAME_entry_count(name); i++) {
ne = X509_NAME_get_entry(name, i);
str = X509_NAME_ENTRY_get_data(ne);
@ -1565,6 +1569,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
if (X509_NAME_entry_count(subject) == 0) {
BIO_printf(bio_err,
"Error: After applying policy the Subject is empty\n");
goto end;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");