From 63871d9f810fec1e8a441d82c9ac79c58b19e2ad Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Jun 2018 06:24:33 +0200 Subject: [PATCH] openssl ca: open the output file as late as possible Fixes #6544 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6546) --- apps/ca.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 60c8f6c373..4a8396ee07 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -726,10 +726,6 @@ end_of_options: output_der = 1; batch = 1; } - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; } if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) @@ -1025,6 +1021,11 @@ end_of_options: if (verbose) BIO_printf(bio_err, "writing %s\n", new_cert); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(new_cert, "w"); if (Cout == NULL) { perror(new_cert); @@ -1033,6 +1034,8 @@ end_of_options: write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { @@ -1181,6 +1184,11 @@ end_of_options: if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ -- 2.25.1