Skip to content

Commit b63dd4d

Browse files
sebastianassgallagher
sebastianas
authored and
sgallagher
committed
x509: Use proper version for CSR.
RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0). OpenSSL starting with 3.4 rejects everything else. Use X509_VERSION_1 as version for X509_REQ_set_version. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
1 parent 27325c2 commit b63dd4d

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/x509.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -169,7 +169,7 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
169169
talloc_set_destructor ((TALLOC_CTX *)csr, _sscg_csr_destructor);
170170

171171
/* We will generate only x509v3 certificates */
172-
sslret = X509_REQ_set_version (csr->x509_req, 2);
172+
sslret = X509_REQ_set_version (csr->x509_req, X509_VERSION_1);
173173
CHECK_SSL (sslret, X509_REQ_set_version);
174174

175175
subject = X509_REQ_get_subject_name (csr->x509_req);

0 commit comments

Comments
 (0)