Fix CI pipeline failures

OpenSSL 3.1.2 doesn't like a NULL for the PKCS7_sign 'data' argument.

Signed-off-by: Charles Lane <lane@dchooz.org>
Signed-off-by: Dimitri Papadopoulos Orfanos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>

diff --git a/openssl.c b/openssl.c
index dd4d761d971a09fdd3cfd0db892ead49cdc60391..3f204d0f19af255a2d3df6a1ae6c08771dfcb5b6 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -2615,7 +2615,13 @@ int export_certificate_pkcs7(struct openconnect_info *vpninfo,
                goto err;
        X509_up_ref(oci->cert);
 
-       p7 = PKCS7_sign(NULL, NULL, oci->extra_certs, NULL, PKCS7_DETACHED);
+       bio = BIO_new(BIO_s_mem());
+       if (!bio) {
+               ret = -ENOMEM;
+               goto pkcs7_error;
+       }
+
+       p7 = PKCS7_sign(NULL, NULL, oci->extra_certs, bio, PKCS7_DETACHED);
        if (!p7) {
        err:
                vpn_progress(vpninfo, PRG_ERR,
@@ -2626,12 +2632,6 @@ int export_certificate_pkcs7(struct openconnect_info *vpninfo,
 
        ret = 0;
 
-       bio = BIO_new(BIO_s_mem());
-       if (!bio) {
-               ret = -ENOMEM;
-               goto pkcs7_error;
-       }
-
        if (format == CERT_FORMAT_ASN1) {
                ok = i2d_PKCS7_bio(bio, p7);
        } else if (format == CERT_FORMAT_PEM) {