From 1a683b80dc9ad4dcbf206a0617364a9d614a9883 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 7 Dec 2020 19:37:46 +0100 Subject: apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag) and adding a prominent clarification in the documentation: If multiple entries are processed for the same extension name, later entries override earlier ones with the same name. This is due to an RFC 5280 requirement - the intro of its section 4.2 says: A certificate MUST NOT include more than one instance of a particular extension. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13614) --- test/recipes/25-test_x509.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/recipes') diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 54fbe78e96..19ff335f82 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -126,7 +126,7 @@ sub test_errors { # actually tests diagnostics of OSSL_STORE # 3 tests for non-existence of spurious OSSL_STORE ASN.1 parse error output. # This requires provoking a failure exit of the app after reading input files. -ok(test_errors("bad output format", "root-cert.pem", '-outform', 'http'), +ok(test_errors("Bad output format", "root-cert.pem", '-outform', 'http'), "load root-cert errors"); ok(test_errors("RC2-40-CBC", "v3-certs-RC2.p12", '-passin', 'pass:v3-certs'), "load v3-certs-RC2 no asn1 errors"); # error msg should mention "RC2-40-CBC" -- cgit v1.2.3