[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Rich Salz
rsalz at openssl.org
Wed May 17 14:26:40 UTC 2017
The branch OpenSSL_1_0_2-stable has been updated
via d130456f738cfd7dfb9e192aa6d1848f5faebbf0 (commit)
from 7c300b9d2a9af4d2d28efa0576f1a28af7b2dabf (commit)
- Log -----------------------------------------------------------------
commit d130456f738cfd7dfb9e192aa6d1848f5faebbf0
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed May 17 15:37:39 2017 +0200
Fix regression in openssl req -x509 behaviour.
Allow conversion of existing requests to certificates again.
Fixes the issue #3396
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3485)
-----------------------------------------------------------------------
Summary of changes:
apps/req.c | 6 ++++--
doc/apps/req.pod | 3 +++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index cdea1f6..ede1d32 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-x509") == 0) {
- newreq = 1;
x509 = 1;
} else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
goto end;
}
+ if (x509 && infile == NULL)
+ newreq = 1;
+
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv)
}
}
- if (newreq) {
+ if (newreq || x509) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 30653e5..1682ba5 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate
using the B<set_serial> option, a large random number will be used for
the serial number.
+If existing request is specified with the B<-in> option, it is converted
+to the self signed certificate otherwise new request is created.
+
=item B<-days n>
when the B<-x509> option is being used this specifies the number of
More information about the openssl-commits
mailing list