From a4dae718420f74bae455afa80b40e2ba2ab6f8d5 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 28 Aug 2022 17:51:46 +0000
Subject: [PATCH] Set the X.509 request version number.

Rather than assuming the default value from X509_REQ_new(), explicitly set
the X.509 request version number to zero.

ok tb@
---
 usr.sbin/acme-client/keyproc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
index 96ece27396b..7c4767b6ee5 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -1,4 +1,4 @@
-/*	$Id: keyproc.c,v 1.16 2021/09/17 20:02:24 sthen Exp $ */
+/*	$Id: keyproc.c,v 1.17 2022/08/28 17:51:46 jsing Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -147,6 +147,9 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 	if ((x = X509_REQ_new()) == NULL) {
 		warnx("X509_new");
 		goto out;
+	} else if (!X509_REQ_set_version(x, 0)) {
+		warnx("X509_set_version");
+		goto out;
 	} else if (!X509_REQ_set_pubkey(x, pkey)) {
 		warnx("X509_set_pubkey");
 		goto out;
-- 
2.20.1