CMP app: fix combination of -certout and -chainout with equal filename argument

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24267)
author: Dr. David von Oheimb <dev@ddvo.net> 2024-04-25 20:05:22 +0200
committer: Todd Short <todd.short@me.com> 2024-06-18 13:52:57 -0400
commit: 5aec3f4a72604d76970581f1ea445b331beda608 (patch)
tree: ef2f00013cf159441b18aa001c0c54fe439df8f4 /apps
parent: f4b4a185b546044150821f1929e5cd6fd0dfba99 (diff)
download: openssl-5aec3f4a72604d76970581f1ea445b331beda608.zip
openssl-5aec3f4a72604d76970581f1ea445b331beda608.tar.gz
openssl-5aec3f4a72604d76970581f1ea445b331beda608.tar.bz2
1 files changed, 21 insertions, 6 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 7639ab2..8d880c5 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -3594,13 +3594,28 @@ int cmp_main(int argc, char **argv)
                             opt_extracertsout, "extra") < 0)
             goto err;
         if (newcert != NULL && (opt_cmd == CMP_IR || opt_cmd == CMP_CR
-                                || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR))
-            if (!save_cert_or_delete(newcert, opt_certout, "newly enrolled")
-                || save_free_certs(OSSL_CMP_CTX_get1_newChain(cmp_ctx),
-                                   opt_chainout, "chain") < 0
-                || save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
-                                   opt_cacertsout, "CA") < 0)
+                                || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR)) {
+            STACK_OF(X509) *newchain = OSSL_CMP_CTX_get1_newChain(cmp_ctx);
+
+            if (newcert != NULL && newchain != NULL /* NULL is on error only */
+                && opt_certout != NULL && opt_chainout != NULL
+                && strcmp(opt_certout, opt_chainout) == 0) {
+                if (!X509_add_cert(newchain, newcert, X509_ADD_FLAG_PREPEND
+                                   | X509_ADD_FLAG_UP_REF)) {
+                    sk_X509_pop_free(newchain, X509_free);
+                    goto err;
+                }
+                if (!save_free_certs(newchain, opt_chainout, "newly enrolled cert and chain"))
+                    goto err;
+            } else {
+                if (save_free_certs(newchain, opt_chainout, "chain") < 0
+                    || !save_cert_or_delete(newcert, opt_certout, "newly enrolled"))
+                    goto err;
+            }
+            if (save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
+                                opt_cacertsout, "CA") < 0)
                 goto err;
+        }
         if (!OSSL_CMP_CTX_reinit(cmp_ctx))
             goto err;
     }
author	Dr. David von Oheimb <dev@ddvo.net>	2024-04-25 20:05:22 +0200
committer	Todd Short <todd.short@me.com>	2024-06-18 13:52:57 -0400
commit	5aec3f4a72604d76970581f1ea445b331beda608 (patch)
tree	ef2f00013cf159441b18aa001c0c54fe439df8f4 /apps
parent	f4b4a185b546044150821f1929e5cd6fd0dfba99 (diff)
download	openssl-5aec3f4a72604d76970581f1ea445b331beda608.zip openssl-5aec3f4a72604d76970581f1ea445b331beda608.tar.gz openssl-5aec3f4a72604d76970581f1ea445b331beda608.tar.bz2