author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-12 18:06:00 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-19 09:50:21 +0200 |
commit | fc0aae737eb1cb2d2554caa8bffea80b8cbd38f9 (patch) | |
tree | b1c9a7e0327e77d5f95ccbf30f544fabede325e9 | |
parent | OSSL_STORE file_load_try_decode(): Avoid flooding error queue by failed tries (diff) | |
PKCS12_parse(): Fix reversed order of certs parsed and output via *ca
Fixes #6698
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12641)
-rw-r--r-- | CHANGES.md | 5 |
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index 3ecdd5d99b..31e183f395 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1172,6 +1172,11 @@ OpenSSL 3.0 *Martin Elshuber* + * `PKCS12_parse` now maintains the order of the parsed certificates + when outputting them via `*ca` (rather than reversing it). + + *David von Oheimb* + OpenSSL 1.1.1 ------------- diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index eaf6501c1c..4cbf4530ff 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -89,7 +89,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; } - while ((x = sk_X509_pop(ocerts))) { + while ((x = sk_X509_shift(ocerts))) { if (pkey != NULL && *pkey != NULL && cert != NULL && *cert == NULL) { ERR_set_mark(); |
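Review bot: The `CHANGES.md` entry for `PKCS12_parse` is the only place this patch records the new ordering. The diffstat shows no documentation file touched, so the order of certificates returned via `*ca` is still not a documented guarantee. Consider stating in the `PKCS12_parse` documentation that `*ca` preserves the order in which the certificates were parsed, and noting in this entry that callers who compensated for the earlier reversal (for example by reversing the stack themselves before building a chain) will now get the opposite order and need to drop that workaround.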
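Review bot: In the `crypto/pkcs12/p12_kiss.c` hunk, the switch from `sk_X509_pop(ocerts)` to `sk_X509_shift(ocerts)` changes the iteration order of the same loop whose first branch is guarded by `cert != NULL && *cert == NULL`. That guard suggests the first candidate reached in iteration order is the one assigned to `*cert`, so if a file holds more than one certificate that fits the key, a different one may now be returned via `*cert`, not only a different order in `*ca`. Please confirm that is intended and mention it in the commit message or changelog. The patch also adds no test; a regression test that parses a PKCS#12 file with several CA certificates and asserts both the order in `*ca` and the certificate chosen for `*cert` would keep this from silently flipping again.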