From d597208c034722d09612c805e4894b0019bdd710 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 17 Mar 2018 12:30:47 +0100 Subject: [PATCH] ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5653) --- crypto/ts/ts_rsp_sign.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 6569956285..ba9d53d00b 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -678,7 +678,8 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) } certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if (ctx->ess_cert_id_digest == EVP_sha1()) { + if (ctx->ess_cert_id_digest == NULL + || ctx->ess_cert_id_digest == EVP_sha1()) { if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) goto err; -- GitLab