x509: Use proper version for CSR.

RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0). OpenSSL starting with 3.4 rejects everything else. Use X509_VERSION_1 as version for X509_REQ_set_version. Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
sgallagher · Oct 19, 2024 · b63dd4d · b63dd4d
1 parent 27325c2
commit b63dd4d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/x509.c b/src/x509.c
@@ -169,7 +169,7 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
   talloc_set_destructor ((TALLOC_CTX *)csr, _sscg_csr_destructor);
 
   /* We will generate only x509v3 certificates */
-  sslret = X509_REQ_set_version (csr->x509_req, 2);
+  sslret = X509_REQ_set_version (csr->x509_req, X509_VERSION_1);
   CHECK_SSL (sslret, X509_REQ_set_version);
 
   subject = X509_REQ_get_subject_name (csr->x509_req);