===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ca.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -c -r1.47 -r1.48
*** src/usr.bin/openssl/ca.c	2021/09/05 01:49:42	1.47
--- src/usr.bin/openssl/ca.c	2021/09/05 01:55:54	1.48
***************
*** 1,4 ****
! /* $OpenBSD: ca.c,v 1.47 2021/09/05 01:49:42 inoguchi Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
--- 1,4 ----
! /* $OpenBSD: ca.c,v 1.48 2021/09/05 01:55:54 inoguchi Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
***************
*** 2124,2129 ****
--- 2124,2144 ----
  		BIO_printf(bio_err, "Memory allocation failure\n");
  		goto err;
  	}
+ 
+ 	if (row[DB_name][0] == '\0') {
+ 		/*
+ 		 * An empty subject! We'll use the serial number instead. If
+ 		 * unique_subject is in use then we don't want different
+ 		 * entries with empty subjects matching each other.
+ 		 */
+ 		free(row[DB_name]);
+ 		row[DB_name] = strdup(row[DB_serial]);
+ 		if (row[DB_name] == NULL) {
+ 			BIO_printf(bio_err, "Memory allocation failure\n");
+ 			goto err;
+ 		}
+ 	}
+ 
  	if (db->attributes.unique_subject) {
  		OPENSSL_STRING *crow = row;
  
***************
*** 2469,2474 ****
--- 2484,2503 ----
  	else
  		row[DB_serial] = BN_bn2hex(bn);
  	BN_free(bn);
+ 
+ 	if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+ 		/*
+ 		 * Entries with empty Subjects actually use the serial number
+ 		 * instead
+ 		 */
+ 		free(row[DB_name]);
+ 		row[DB_name] = strdup(row[DB_serial]);
+ 		if (row[DB_name] == NULL) {
+ 			BIO_printf(bio_err, "Memory allocation failure\n");
+ 			goto err;
+ 		}
+ 	}
+ 
  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
  		BIO_printf(bio_err, "Memory allocation failure\n");
  		goto err;