From 2e1989193b24b5be97fe457714e994d58798df26 Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 18 Aug 2022 16:26:33 +0000
Subject: [PATCH] Allow empty attribute sets in CSRs

While each attribute must contain at least one extension, it is not required that a CSR have attributes at all. Instead of signalling an error by returning NULL if no extensions are found, return an empty stack of extensions.
Via OpenSSL 1f02ca2d
ok jsing
---
 lib/libcrypto/x509/x509_req.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 8d5bf585096..c0a2a64a0b0 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.28 2022/01/22 00:34:48 inoguchi Exp $ */
+/* $OpenBSD: x509_req.c,v 1.29 2022/08/18 16:26:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,7 +224,9 @@ X509_REQ_get_extensions(X509_REQ *req)
 ext = X509_ATTRIBUTE_get0_type(attr, 0);
 break;
 }
- if (ext == NULL || ext->type != V_ASN1_SEQUENCE)
+ if (ext == NULL)
+ return sk_X509_EXTENSION_new_null();
+ if (ext->type != V_ASN1_SEQUENCE)
 return NULL;
 p = ext->value.sequence->data;
 return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length);
-- 
2.20.1
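Review bot: The return contract of X509_REQ_get_extensions() changes at the new `if (ext == NULL)` branch, but nothing in the code documents it. An empty stack now means "no extension request", while NULL is left for a non-SEQUENCE attribute value, a `d2i_X509_EXTENSIONS()` failure or, presumably, an allocation failure in `sk_X509_EXTENSION_new_null()`. Callers that still read NULL as "nothing requested" will keep ignoring a malformed request even though the distinction is now available, so I would add a comment such as `/* Returns a caller-owned stack, empty if the CSR requests no extensions; NULL only on error. */`. The branch also cannot tell an absent attribute from a present one for which `X509_ATTRIBUTE_get0_type(attr, 0)` yields NULL; if that can happen for an empty value set, it is worth confirming that it should no longer be an error. The function starts and ends outside the hunk, so the loop that selects `attr` is not visible here.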