From f99648638c8340cbc0cb7ddaa54309435bda9530 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Mon, 9 Jul 2018 14:55:17 -0400
Subject: [PATCH] Add tests for the "req" command, -addext flag

Also fixed a memory leak found by the test.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6681)
---
 apps/req.c                 |  1 +
 test/recipes/25-test_req.t | 34 +++++++++++++++++++---------------
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 066e7c668f..48f3a3ab98 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -947,6 +947,7 @@ int req_main(int argc, char **argv)
         ERR_print_errors(bio_err);
     }
     NCONF_free(req_conf);
+    NCONF_free(addext_conf);
     BIO_free(addext_bio);
     BIO_free(in);
     BIO_free_all(out);
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index fa79219e1d..b6d233548f 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 8;
+plan tests => 9;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -23,26 +23,30 @@ open RND, ">>", ".rnd";
 print RND "string to make the random number generator think it has randomness";
 close RND;
 
-# Check for duplicate -addext parameters
+# What type of key to generate?
+my @req_new;
+if (disabled("rsa")) {
+    @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
+} else {
+    @req_new = ("-new");
+    note("There should be a 2 sequences of .'s and some +'s.");
+    note("There should not be more that at most 80 per line");
+}
+
+# Check for duplicate -addext parameters, and one "working" case.
+my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+    "-config", srctop_file("test", "test.cnf"), @req_new );
 my $val = "subjectAltName=DNS:example.com";
 my $val2 = " " . $val;
 my $val3 = $val;
 $val3 =~ s/=/    =/;
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3])));
+ok( run(app([@addext_args, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
+ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
 
 subtest "generating certificate requests" => sub {
-    my @req_new;
-    if (disabled("rsa")) {
-	@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
-    } else {
-	@req_new = ("-new");
-	note("There should be a 2 sequences of .'s and some +'s.");
-	note("There should not be more that at most 80 per line");
-    }
-
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-- 
2.25.1