From 56c91e6dda3252b40396fcecd4005a823a8c7bf5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Jun 2018 06:24:33 +0200 Subject: [PATCH] openssl ca: open the output file as late as possible Fixes #6544 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6546) (cherry picked from commit 63871d9f810fec1e8a441d82c9ac79c58b19e2ad) --- apps/ca.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index fe9d29b5bb..c69a2b5cdd 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -729,10 +729,6 @@ end_of_options: output_der = 1; batch = 1; } - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; } if (md == NULL @@ -1020,6 +1016,11 @@ end_of_options: if (verbose) BIO_printf(bio_err, "writing %s\n", buf[2]); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(buf[2], "w"); if (Cout == NULL) { perror(buf[2]); @@ -1028,6 +1029,8 @@ end_of_options: write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { @@ -1176,6 +1179,11 @@ end_of_options: if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ -- 2.25.1