[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Fri Nov 2 09:59:25 UTC 2018


The branch OpenSSL_1_1_1-stable has been updated
       via  b33e7698b8cb853bf94623e5e26f860a893eb677 (commit)
      from  6039651c43944cf4633483a74c2ef3a6b8c0c6c0 (commit)


- Log -----------------------------------------------------------------
commit b33e7698b8cb853bf94623e5e26f860a893eb677
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Oct 19 00:36:04 2018 +0200

    apps: Stop pretending to care about Netscape keys
    
    The documentation says some commands care, but the code says differently.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7440)
    
    (cherry picked from commit d91d443f0d26262148d1dc9d29f9fdf025b958ca)

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.h       |  6 +++---
 apps/opt.c        |  1 -
 apps/rsa.c        |  4 ++--
 apps/x509.c       |  4 ++--
 doc/man1/rsa.pod  | 25 +++++--------------------
 doc/man1/x509.pod | 11 +++++------
 6 files changed, 17 insertions(+), 34 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index 5b98d27..d9eb650 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -369,7 +369,7 @@ typedef struct string_int_pair_st {
 # define OPT_FMT_SMIME           (1L <<  3)
 # define OPT_FMT_ENGINE          (1L <<  4)
 # define OPT_FMT_MSBLOB          (1L <<  5)
-# define OPT_FMT_NETSCAPE        (1L <<  6)
+/* (1L <<  6) was OPT_FMT_NETSCAPE, but wasn't used */
 # define OPT_FMT_NSS             (1L <<  7)
 # define OPT_FMT_TEXT            (1L <<  8)
 # define OPT_FMT_HTTP            (1L <<  9)
@@ -378,8 +378,8 @@ typedef struct string_int_pair_st {
 # define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
 # define OPT_FMT_ANY     ( \
         OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
-        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
-        OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
+        OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)
 
 char *opt_progname(const char *argv0);
 char *opt_getprog(void);
diff --git a/apps/opt.c b/apps/opt.c
index cc14184..6668565 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -168,7 +168,6 @@ static OPT_PAIR formats[] = {
     {"smime", OPT_FMT_SMIME},
     {"engine", OPT_FMT_ENGINE},
     {"msblob", OPT_FMT_MSBLOB},
-    {"netscape", OPT_FMT_NETSCAPE},
     {"nss", OPT_FMT_NSS},
     {"text", OPT_FMT_TEXT},
     {"http", OPT_FMT_HTTP},
diff --git a/apps/rsa.c b/apps/rsa.c
index 6458b3d..5098a20 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -38,8 +38,8 @@ typedef enum OPTION_choice {
 
 const OPTIONS rsa_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
-    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+    {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
     {"in", OPT_IN, 's', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
diff --git a/apps/x509.c b/apps/x509.c
index d40960c..81291a9 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -67,10 +67,10 @@ typedef enum OPTION_choice {
 const OPTIONS x509_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
     {"inform", OPT_INFORM, 'f',
-     "Input format - default PEM (one of DER, NET or PEM)"},
+     "Input format - default PEM (one of DER or PEM)"},
     {"in", OPT_IN, '<', "Input file - default stdin"},
     {"outform", OPT_OUTFORM, 'f',
-     "Output format - default PEM (one of DER, NET or PEM)"},
+     "Output format - default PEM (one of DER or PEM)"},
     {"out", OPT_OUT, '>', "Output file - default stdout"},
     {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
     {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod
index 14a8fb1..37f6461 100644
--- a/doc/man1/rsa.pod
+++ b/doc/man1/rsa.pod
@@ -9,8 +9,8 @@ rsa - RSA key processing tool
 
 B<openssl> B<rsa>
 [B<-help>]
-[B<-inform PEM|NET|DER>]
-[B<-outform PEM|NET|DER>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
 [B<-in filename>]
 [B<-passin arg>]
 [B<-out filename>]
@@ -53,16 +53,15 @@ utility.
 
 Print out a usage message.
 
-=item B<-inform DER|NET|PEM>
+=item B<-inform DER|PEM>
 
 This specifies the input format. The B<DER> option uses an ASN1 DER encoded
 form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
 The B<PEM> form is the default format: it consists of the B<DER> format base64
 encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
-section.
+keys are also accepted.
 
-=item B<-outform DER|NET|PEM>
+=item B<-outform DER|PEM>
 
 This specifies the output format, the options have the same meaning and default
 as the B<-inform> option.
@@ -158,17 +157,6 @@ The PEM B<RSAPublicKey> format uses the header and footer lines:
  -----BEGIN RSA PUBLIC KEY-----
  -----END RSA PUBLIC KEY-----
 
-The B<NET> form is a format compatible with older Netscape servers
-and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
-It is not very secure and so should only be used when necessary.
-
-Some newer version of IIS have additional data in the exported .key
-files. To use these with the utility, view the file with a binary editor
-and look for the string "private-key", then trace back to the byte
-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
-from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option.
-
 =head1 EXAMPLES
 
 To remove the pass phrase on an RSA private key:
@@ -197,9 +185,6 @@ Output the public part of a private key in B<RSAPublicKey> format:
 
 =head1 BUGS
 
-The command line password arguments don't currently work with
-B<NET> format.
-
 There should be an option that automatically handles .key files,
 without having to manually edit them.
 
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 6e4d288..547da5d 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -9,8 +9,8 @@ x509 - Certificate display and signing utility
 
 B<openssl> B<x509>
 [B<-help>]
-[B<-inform DER|PEM|NET>]
-[B<-outform DER|PEM|NET>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
 [B<-keyform DER|PEM>]
 [B<-CAform DER|PEM>]
 [B<-CAkeyform DER|PEM>]
@@ -86,16 +86,15 @@ various sections.
 
 Print out a usage message.
 
-=item B<-inform DER|PEM|NET>
+=item B<-inform DER|PEM>
 
 This specifies the input format normally the command will expect an X509
 certificate but this can change if other options such as B<-req> are
 present. The DER format is the DER encoding of the certificate and PEM
 is the base64 encoding of the DER encoding with header and footer lines
-added. The NET option is an obscure Netscape server format that is now
-obsolete. The default format is PEM.
+added. The default format is PEM.
 
-=item B<-outform DER|PEM|NET>
+=item B<-outform DER|PEM>
 
 This specifies the output format, the options have the same meaning and default
 as the B<-inform> option.


More information about the openssl-commits mailing list