[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Wed Jan 30 15:47:59 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  fea9f34a2e9c018430385c9073161b4daa484843 (commit)
      from  a6d6d64570fe6bf3078c5bc4a35c1d509ef1ee15 (commit)


- Log -----------------------------------------------------------------
commit fea9f34a2e9c018430385c9073161b4daa484843
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jan 29 15:04:38 2019 +0000

    Complain if -twopass is used incorrectly
    
    The option -twopass to the pkcs12 app is ignored if -passin, -passout
    or -password is used. We should complain if an attempt is made to use
    it in combination with those options.
    
    Fixes #8107
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8114)
    
    (cherry picked from commit 40b64553f577716cb4898895f5fd4530a6266c75)

-----------------------------------------------------------------------

Summary of changes:
 apps/pkcs12.c       | 7 +++++++
 doc/man1/pkcs12.pod | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index c8fc452..f10f8da 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
     if (cpass != NULL) {
         mpass = cpass;
         noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
     } else {
         cpass = pass;
         mpass = macpass;
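Review bot: In the new "if (twopass)" block inside the "cpass != NULL" branch, the code jumps to "end" right after printing the message, and nothing in the hunk shows the return status on that path. Please confirm the command exits non-zero here, so that scripts which previously had -twopass silently ignored now see a failure instead of a success with no output file. Two smaller points: both BIO_printf lines run well past 80 columns and could be wrapped after "bio_err,". Each message also names two options regardless of which one the user supplied, so naming only the conflicting option would make the error easier to act on. The change summary lists only apps/pkcs12.c and the man page, so a test covering the rejected combinations would be a useful addition.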
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index 3389e59..f4c4c41 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
 
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).
 
 =back
 
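Review bot: The sentence added to the -twopass description says the option "Cannot be used in combination with" -password, -passin or -passout, but it does not say what happens when it is. Since the code change makes this an error, saying so explicitly (for example "It is an error to use this option together with ...") would tell readers that the command stops rather than ignoring -twopass as before. The option names are also written as plain text here. If the rest of this page marks options up with POD formatting such as B<-password>, the new sentence should follow the same form.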

