Make OCSP cert id code tolerate a missing issuer certificate

or serial number.
2001-02-23 13:04:24 +00:00 · 2001-02-23 13:04:24 +00:00 · d7c06e9ec7
commit d7c06e9ec7
parent 386828d029
2 changed files with 22 additions and 5 deletions
--- a/6
+++ b/6
@ -3,6 +3,12 @@
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
     ID to be generated from the issuer certificate alone which can then be
     passed to OCSP_id_issuer_cmp().
     [Steve Henson]
  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
     ASN1 modules to export functions returning ASN1_ITEM pointers
     instead of the ASN1_ITEM structures themselves. This adds several
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@ -80,8 +80,16 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 #ifndef OPENSSL_NO_SHA1
 	if(!dgst) dgst = EVP_sha1();
 #endif
-	iname = X509_get_issuer_name(subject);
+	if (subject)
-	serial = X509_get_serialNumber(subject);
+		{
 		iname = X509_get_issuer_name(subject);
 		serial = X509_get_serialNumber(subject);
 		}
 	else
 		{
 		iname = X509_get_subject_name(issuer);
 		serial = NULL;
 		}
 	ikey = X509_get0_pubkey_bitstr(issuer);
 	return OCSP_cert_id_new(dgst, iname, ikey, serial);
 }
@ -119,8 +127,11 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-	if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber);
+	if (serialNumber)
-	if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+		{
 		ASN1_INTEGER_free(cid->serialNumber);
 		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
 		}
 	return cid;
 digerr:
 	OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);