On Wed, May 01, 2013, Salz, Rich wrote:

> Your suspicion in that old thread was right.  Adding this fixed it:
> 
> --- //projects/shared/openssl-6.101.5.1/akamai/openssl/apps/x509.c      
> 2013-03-01 23:14:34.000000000 0000
> +++ /home/rsalz/p4/misc/openssl/apps/x509.c     2013-03-01 23:14:34.000000000 
> 0000
> @@ -1217,6 +1217,7 @@
>                  if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
>                 }
> 
> +        x->cert_info->enc.modified = 1;
>         if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
>                 goto end;
>         ret=1;
> 
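
Review bot: the added `x->cert_info->enc.modified = 1;` just before the `do_X509_sign()` call fixes the problem at this one call site only, and it does so by writing to the certificate's internal `cert_info->enc` state from application code in apps/x509.c. Any other caller that signs through the same path after adding extensions (as the `X509V3_EXT_add_nconf()` call above does) would have to remember the same assignment. Suggest setting the flag inside the signing routine behind `do_X509_sign()`, so that callers do not depend on it. If the line does stay here, it needs a comment saying why the flag must be set before signing.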

The bug was in X509_sign_ctx which didn't set the modified flag while the
regular X509_sign did.

Fixed now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
