openssl ca: open the output file as late as possible

Fixes #6544 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6546)
2018-06-21 06:24:33 +02:00 · 2018-06-21 06:24:33 +02:00 · 63871d9f81
commit 63871d9f81
parent 6e501c4719
1 changed files with 12 additions and 4 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -726,10 +726,6 @@ end_of_options:
            output_der = 1;
            batch = 1;
        }
-        Sout = bio_open_default(outfile, 'w',
-                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
-        if (Sout == NULL)
-            goto end;
    }

    if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
@ -1025,6 +1021,11 @@ end_of_options:
            if (verbose)
                BIO_printf(bio_err, "writing %s\n", new_cert);

+            Sout = bio_open_default(outfile, 'w',
+                                    output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+            if (Sout == NULL)
+                goto end;
+
            Cout = BIO_new_file(new_cert, "w");
            if (Cout == NULL) {
                perror(new_cert);
@ -1033,6 +1034,8 @@ end_of_options:
            write_new_certificate(Cout, xi, 0, notext);
            write_new_certificate(Sout, xi, output_der, notext);
            BIO_free_all(Cout);
+            BIO_free_all(Sout);
+            Sout = NULL;
        }

        if (sk_X509_num(cert_sk)) {
@ -1181,6 +1184,11 @@ end_of_options:
        if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
            goto end;

+        Sout = bio_open_default(outfile, 'w',
+                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+
        PEM_write_bio_X509_CRL(Sout, crl);

        if (crlnumberfile != NULL) /* Rename the crlnumber file */