openssl ca: open the output file as late as possible

Fixes #6544 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6546)

openssl ca: open the output file as late as possible
Fixes #6544 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6546)
63871d9f · Richard Levitte · 6e501c47 · 63871d9f
隐藏空白更改
内联并排

Showing with 12 addition and 4 deletion

apps/ca.c apps/ca.c +12 -4

未找到文件。
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -726,10 +726,6 @@ end_of_options:
            output_der = 1;
            batch = 1;
        }
-        Sout = bio_open_default(outfile, 'w',
-                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
-        if (Sout == NULL)
-            goto end;
    }

    if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
@@ -1025,6 +1021,11 @@ end_of_options:
            if (verbose)
                BIO_printf(bio_err, "writing %s\n", new_cert);

+            Sout = bio_open_default(outfile, 'w',
+                                    output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+            if (Sout == NULL)
+                goto end;
+
            Cout = BIO_new_file(new_cert, "w");
            if (Cout == NULL) {
                perror(new_cert);
@@ -1033,6 +1034,8 @@ end_of_options:
            write_new_certificate(Cout, xi, 0, notext);
            write_new_certificate(Sout, xi, output_der, notext);
            BIO_free_all(Cout);
+            BIO_free_all(Sout);
+            Sout = NULL;
        }

        if (sk_X509_num(cert_sk)) {
@@ -1181,6 +1184,11 @@ end_of_options:
        if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
            goto end;

+        Sout = bio_open_default(outfile, 'w',
+                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+
        PEM_write_bio_X509_CRL(Sout, crl);

        if (crlnumberfile != NULL) /* Rename the crlnumber file */