[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Thu May 11 15:22:56 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  d9d4122dd15c388a245c4edb28144ea919f9ddf1 (commit)
      from  bc8a4d54a87b3ac3307683c94eccf5d817348000 (commit)


- Log -----------------------------------------------------------------
commit d9d4122dd15c388a245c4edb28144ea919f9ddf1
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Thu May 11 14:25:17 2017 +0200

    Fix regression in openssl req -x509 behaviour.
    
    Allow conversion of existing requests to certificates again.
    Fixes the issue #3396
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3437)
    (cherry picked from commit 888adbe064556ff5ab2f1d16a223b0548696614c)

-----------------------------------------------------------------------

Summary of changes:
 apps/req.c       | 6 ++++--
 doc/apps/req.pod | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index a1cbfe2..a749925 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -289,7 +289,6 @@ int req_main(int argc, char **argv)
             break;
         case OPT_X509:
             x509 = 1;
-            newreq = 1;
             break;
         case OPT_DAYS:
             days = atoi(opt_arg());
@@ -329,6 +328,9 @@ int req_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
+    if (x509 && infile == NULL)
+        newreq = 1;
+
     if (!nmflag_set)
         nmflag = XN_FLAG_ONELINE;
 
@@ -583,7 +585,7 @@ int req_main(int argc, char **argv)
         }
     }
 
-    if (newreq) {
+    if (newreq || x509) {
         if (pkey == NULL) {
             BIO_printf(bio_err, "you need to specify a private key\n");
             goto end;
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 83b5704..8cfe2bc 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -233,6 +233,9 @@ a self signed root CA. The extensions added to the certificate
 using the B<set_serial> option, a large random number will be used for
 the serial number.
 
+If existing request is specified with the B<-in> option, it is converted
+to the self signed certificate otherwise new request is created.
+
 =item B<-days n>
 
 when the B<-x509> option is being used this specifies the number of

More information about the openssl-commits mailing list