OpenSSL 1.0.1t is known bad. 1.0.2 and 1.1.0 are apparently ok.
-set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
{
X509_NAME *name = akid_issuer_name(akid);
* must use that.
*/
return X509_set_issuer_name(cert,
* must use that.
*/
return X509_set_issuer_name(cert,
- name ? name : X509_get_subject_name(cert));
*/
if ( !X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
*/
if ( !X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)