On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote:

> Just before signing the certificate the code executes this fragment
> 
> pktmp=X509_get_pubkey(ret);
> if (EVP_PKEY_missing_parameters(pktmp) &&
>     !EVP_PKEY_missing_parameters(pkey))
>     EVP_PKEY_copy_parameters(pktmp,pkey);
> EVP_PKEY_free(pktmp);

I think that call to EVP_PKEY_copy_parameters should be checked
for success, otherwise failure to copy the parameters may go
unnoticed.

> My Question :
> 
> 1) What parameters are we talking about here?

This is in part for GOST R 34.10.  Per RFC 4491 section 2.3.1 when
the parameters are missing, they are inherited from the issuing
certificate.  It looks like OpenSSL wants to avoid creating
certificates with missing parameters.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
