From 92d619450ad70a81252028d1daa0b8f2efb51a1d Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 8 Jan 2021 07:30:51 +0100 Subject: apps/cmp.c: Improve diagnostics on loading private vs. public key for cert request Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13841) --- apps/cmp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index b28b7431ce..223a6ae3d1 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1603,12 +1603,18 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) const int format = opt_keyform; const char *pass = opt_newkeypass; const char *desc = "new private key for cert to be enrolled"; - EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, desc); + EVP_PKEY *pkey; int priv = 1; + BIO *bio_bak = bio_err; + bio_err = NULL; /* suppress diagnostics on first try loading key */ + pkey = load_key_pwd(file, format, pass, engine, desc); + bio_err = bio_bak; if (pkey == NULL) { ERR_clear_error(); - desc = "fallback public key for cert to be enrolled"; + desc = opt_csr == NULL + ? "fallback public key for cert to be enrolled" + : "public key for checking cert resulting from p10cr"; pkey = load_pubkey(file, format, 0, pass, engine, desc); priv = 0; } -- cgit v1.2.3