New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
apps: silent warning when loading CSR files with vfyopt option #20799
Conversation
Would it be possible to add a test? |
Hi @t8m , I manually typed in the command to do the test. When
I need some help, I don't know how to add tests to detect this warning in make test. |
When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Please do not rebase the PR unless there is a conflict. |
This pull request is ready to merge |
When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear: Warning: CSR self-signature does not match the contents This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #20799)
Merged to master branch. Thank you for your contribution. Unfortunately this fix does not apply to 3.1 and 3.0 branches cleanly. Could you please submit a backported fix against the 3.1 branch if you're interested in having this fixed on 3.1 and 3.0 branches? |
In branches 3.0 and 3.1, only the |
When verifying or signing a CSR file with the -vfyopt option, a warning message similar to the following will appear:
Warning: CSR self-signature does not match the contents
This happens especially when the SM2 algorithm is used and the distid parameter is added. Pass the vfyopts parameter to the do_X509_REQ_verify() function to eliminate the warning message.
Checklist