Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix re-signing certificates with different key sizes
PR openssl#18129 broke the scenario of signing a certificate (not CSR) with different-sized key. This works in 3.0, so port the fix from 3.0 (which is to only update the issuer for a request). Create two certs (a and ca) then sign a with c (into b): ``` openssl req -x509 -newkey rsa:2048 -keyout a-key.pem -out a-cert.pem -days 365 -nodes -subj /CN=a.example.com openssl req -x509 -newkey rsa:4096 -keyout ${HERE}/ca-key.pem -out ${HERE}/ca-cert.pem -days 3650 -nodes -subj /CN=ca.example.com openssl x509 -in a-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial '1234567890' -preserve_dates -sha256 -out b-cert.pem ``` The above succeeds in 1.1.1n and 3.0, fails in 1.1.1o (which includes openssl#18129)
- Loading branch information