apps/ca.c: Make sure ext_ctx structure gets initialized

Fixes #14175

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)

1 files changed, 7 insertions, 4 deletions

diff --git a/apps/ca.c b/apps/ca.c
index 29f62f86f2..dbb4d15eb8 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -863,6 +863,7 @@ end_of_options:
             if (extensions != NULL) {
                 /* Check syntax of config file section */
                 X509V3_CTX ctx;
+
                 X509V3_set_ctx_test(&ctx);
                 X509V3_set_nconf(&ctx, conf);
                 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
@@ -1141,6 +1142,7 @@ end_of_options:
         if (crl_ext != NULL) {
             /* Check syntax of file */
             X509V3_CTX ctx;
+
             X509V3_set_ctx_test(&ctx);
             X509V3_set_nconf(&ctx, conf);
             if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
@@ -1230,6 +1232,7 @@ end_of_options:
 
         if (crl_ext != NULL || crlnumberfile != NULL) {
             X509V3_CTX crlctx;
+
             X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
             X509V3_set_nconf(&crlctx, conf);
 
@@ -1697,12 +1700,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
     if (!i)
         goto end;
 
+    /* Initialize the context structure */
+    X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
+                   ret, req, NULL, X509V3_CTX_REPLACE);
+
     /* Lets add the extensions, if there are any */
     if (ext_sect) {
-        /* Initialize the context structure */
-        X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
-                       ret, req, NULL, X509V3_CTX_REPLACE);
-
         if (extfile_conf != NULL) {
             if (verbose)
                 BIO_printf(bio_err, "Extra configuration file found\n");