diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-08-17 23:13:28 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-11-11 20:18:55 +0100 |
commit | adbd77f6d7cc4efb7b4bde483036fab8e48ce870 (patch) | |
tree | 2de0061bf11418cb9ebd080eb77f136c707040fa /apps/x509.c | |
parent | b0c1214e1e82bc4c98eadd11d368b4ba9ffa202c (diff) | |
download | openssl-new-adbd77f6d7cc4efb7b4bde483036fab8e48ce870.tar.gz |
X509: Fix handling of AKID and SKID extensions according to configuration
Fixes #16300
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/x509.c b/apps/x509.c index b88fb4f5ea..ff95821bab 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -810,6 +810,10 @@ int x509_main(int argc, char **argv) goto end; if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x)) goto end; + } else { + if (privkey != NULL && !cert_matches_key(x, privkey)) + BIO_printf(bio_err, + "Warning: Signature key and public key of cert do not match\n"); } if (sno != NULL && !X509_set_serialNumber(x, sno)) |