authorJonathan Gray <jsg@cvs.openbsd.org>2017-05-31 06:46:58 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2017-05-31 06:46:58 +0000
commitecb618331c40c05f9b7c644bd74d2ab04c49f0c3 (patch)
tree77128c86648c6b7c3c0adec0ecadfb8da6f43d08
parent497cd28d09f7161d77ae7a1d6354256ece101f65 (diff)
ca_revoke() gets called two ways. Directly from ca_opt() with keyname
set to the cert to revoke, and indirectly from ca_create() with a keyname set to NULL. ca_create() sets REQ_EXT so avoid setting it in ca_revoke() when keyname is NULL and the crl database is being initialised. Avoids the "REQ_EXT already set" error when creating a CA, introduced in rev 1.44 which set REQ_EXT unconditionally in ca_revoke().
-rw-r--r--usr.sbin/ikectl/ikeca.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 8b15b603ff4..08f96b5f705 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.44 2017/05/24 04:55:57 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.45 2017/05/31 06:46:57 jsg Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
@@ -900,7 +900,9 @@ ca_revoke(struct ca *ca, char *keyname)
ca_setenv("$ENV::CADB", ca->index);
ca_setenv("$ENV::CASERIAL", ca->serial);
- ca_setenv("$ENV::REQ_EXT", "req");
+ if (keyname)
+ ca_setenv("$ENV::REQ_EXT", "");
+
ca_setcnf(ca, "ca-revoke");
if (keyname) {
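Review bot: The added `if (keyname)` guard treats a NULL keyname as meaning "called from ca_create(), which has already set REQ_EXT", and nothing in the code records that coupling. A comment above the guard, such as `/* keyname == NULL: called via ca_create(), which has already set REQ_EXT */`, would warn a future caller against passing NULL without setting the variable first, which would presumably leave `$ENV::REQ_EXT` undefined when the ca-revoke config is used. The value also changes from `"req"` on the removed line to `""` on the added one, which the commit message does not mention. If the empty value is intended for the revoke path, the same comment should say so. ca_revoke's body starts and ends outside the hunk.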