Revert setting version in CSR Init, and Version Change to MakeAndSign_ex

2025-03-06 16:49:13 -07:00 · 2025-03-06 16:49:13 -07:00 · 250fa3923f
parent 69aaa20b1a
commit 250fa3923f
1 changed files with 9 additions and 7 deletions
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@ -277,13 +277,7 @@ WOLFTPM2_CSR* wolfTPM2_NewCSR(void)
            csr = NULL;
        }
        if (csr) {
-            /* Set version to 2 for self-signed certificates, 0 for regular CSRs per RFC2986 */
-            if (csr->req.selfSigned) {
-                csr->req.version = 2;
-            }
-            else {
-                csr->req.version = 0;
-            }
+            csr->req.version = 0; /* per RFC2986 : CSR version should be 0 */
        }
    }
    return csr;
@ -7186,6 +7180,14 @@ int wolfTPM2_CSR_MakeAndSign_ex(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
        return BAD_FUNC_ARG;
    }

+    /* Set version to 2 for self-signed certificates, 0 for regular CSRs per RFC2986 */
+    if (selfSignCert) {
+        csr->req.version = 2;
+    }
+    else {
+        csr->req.version = 0;
+    }
+
    rc = CSR_KeySetup(dev, csr, key, &csrKey, sigType, devId);
    if (rc == 0) {
        rc = CSR_MakeAndSign(dev, csr, &csrKey, outFormat, out, outSz,