author | Jonathan Gray <jsg@cvs.openbsd.org> | 2017-05-31 06:46:58 +0000 |
---|---|---|
committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2017-05-31 06:46:58 +0000 |
commit | ecb618331c40c05f9b7c644bd74d2ab04c49f0c3 | |
tree | 77128c86648c6b7c3c0adec0ecadfb8da6f43d08 | |
parent | 497cd28d09f7161d77ae7a1d6354256ece101f65 | |
ca_revoke() gets called two ways. Directly from ca_opt() with keyname
set to the cert to revoke, and indirectly from ca_create() with a
keyname set to NULL.
ca_create() sets REQ_EXT so avoid setting it in ca_revoke() when keyname
is NULL and the crl database is being initialised.
Avoids "REQ_EXT already set" when creating a CA error introduced
in rev 1.44 which set REQ_EXT unconditionally in ca_revoke().
-rw-r--r-- | usr.sbin/ikectl/ikeca.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c index 8b15b603ff4..08f96b5f705 100644 --- a/usr.sbin/ikectl/ikeca.c +++ b/usr.sbin/ikectl/ikeca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikeca.c,v 1.44 2017/05/24 04:55:57 jsg Exp $ */ +/* $OpenBSD: ikeca.c,v 1.45 2017/05/31 06:46:57 jsg Exp $ */ /* * Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org> @@ -900,7 +900,9 @@ ca_revoke(struct ca *ca, char *keyname) ca_setenv("$ENV::CADB", ca->index); ca_setenv("$ENV::CASERIAL", ca->serial); - ca_setenv("$ENV::REQ_EXT", "req"); + if (keyname) + ca_setenv("$ENV::REQ_EXT", ""); + ca_setcnf(ca, "ca-revoke"); if (keyname) { |
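Review bot: In the ca_revoke() hunk, the value written to REQ_EXT changes from "req" to "" at the same time as the call becomes conditional on keyname, but the commit message only explains the conditional. If the empty string is intended for the direct ca_opt() revoke path, say so in the message or in a one-line comment above `if (keyname)`; if it is not intended, keep `ca_setenv("$ENV::REQ_EXT", "req");` under the new guard. A short comment noting that ca_create() has already set REQ_EXT when keyname is NULL would also make the reason for the guard clear at the call site, since the `if (keyname) {` block that follows ca_setcnf() does not explain it.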