[openssl] master update

Thu Dec 19 08:59:59 UTC 2019

The branch master has been updated
       via  0ab6fc79a9a63370be1a615729dc2a6ed0d6c89b (commit)
      from  625c781dc76df145cfd30eeff7b6de7dfcc8afc7 (commit)


- Log -----------------------------------------------------------------
commit 0ab6fc79a9a63370be1a615729dc2a6ed0d6c89b
Author: Jussi Keranen <jussi.keranen at vincit.com>
Date:   Wed Dec 11 15:08:04 2019 +0200

    Fix regression on x509 keyform argument
    
    In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
    and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
    which doesn't support engine. This changes type of keyform argument
    to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
    including keyform and CAkeyform.
    
    This restores the pre 1.1.0 behavior.
    
    This issue is very similar than https://github.com/openssl/openssl/issues/4366
    
    CLA: trivial
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10609)

-----------------------------------------------------------------------

Summary of changes:
 apps/x509.c                  | 4 ++--
 doc/man1/openssl-x509.pod.in | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index b4ef74c0cf..c00753797e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -78,7 +78,7 @@ const OPTIONS x509_options[] = {
     {"outform", OPT_OUTFORM, 'f',
      "Output format - default PEM (one of DER or PEM)"},
     {"out", OPT_OUT, '>', "Output file - default stdout"},
-    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
     {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
 
     OPT_SECTION("Output"),
@@ -231,7 +231,7 @@ int x509_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
                 goto opthelp;
             break;
         case OPT_CAFORM:
diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index 066df4eadf..ae9957117a 100644
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -11,9 +11,9 @@ B<openssl> B<x509>
 [B<-help>]
 [B<-inform> B<DER>|B<PEM>]
 [B<-outform> B<DER>|B<PEM>]
-[B<-keyform> B<DER>|B<PEM>]
+[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
 [B<-CAform> B<DER>|B<PEM>]
-[B<-CAkeyform> B<DER>|B<PEM>]
+[B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>]
 [B<-in> I<filename>]
 [B<-out> I<filename>]
 [B<-serial>]
