From 586b5407d6138ce23416d4101168ab0c2b1651b6 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Tue, 30 May 2023 21:09:26 +0200
Subject: [PATCH] apps.c: add comment to do_X509_sign() referring to question
 #19805

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
---
 apps/lib/apps.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 79980257bdeef..4f92016ee2f57 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2349,6 +2349,7 @@ int do_X509_sign(X509 *cert, int force_v1, EVP_PKEY *pkey, const char *md,
                              "keyid, issuer", !self_sign))
             goto end;
     }
+    /* May add further measures for ensuring RFC 5280 compliance, see #19805 */
 
     if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
         rv = (X509_sign_ctx(cert, mctx) > 0);