[openssl] master update

beldmit at gmail.com beldmit at gmail.com
Fri Feb 14 14:59:33 UTC 2020

The branch master has been updated
       via  16d560439d8b1be5082228a87576a8f79b3525ac (commit)
      from  6943335e3e3889fd7a1c7b027ccdcd4f3955b5ec (commit)

- Log -----------------------------------------------------------------
commit 16d560439d8b1be5082228a87576a8f79b3525ac
Author: Bastian Germann <bage at linutronix.de>
Date:   Thu Feb 13 11:58:27 2020 +0100

    apps x509: passing PKCS#11 URL as -signkey
    OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11
    engine URL to "-signkey" option. The actual code is ready to take it.
    Change the option parsing to allow an engine URL to be passed and modify
    the manpage accordingly.
    CLA: trivial
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/11086)


Summary of changes:
 apps/x509.c                  | 2 +-
 doc/man1/openssl-x509.pod.in | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index c00753797e..7403669863 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -128,7 +128,7 @@ const OPTIONS x509_options[] = {
     {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
     {"days", OPT_DAYS, 'n',
      "How long till expiry of a signed certificate - def 30 days"},
-    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+    {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
     {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
     {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"},
     {"certopt", OPT_CERTOPT, 's', "Various certificate text options"},
diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index 3da2b0d122..50496984f8 100644
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -45,7 +45,7 @@ B<openssl> B<x509>
 [B<-setalias> I<arg>]
 [B<-days> I<arg>]
 [B<-set_serial> I<n>]
-[B<-signkey> I<filename>]
+[B<-signkey> I<arg>]
 [B<-passin> I<arg>]
@@ -348,10 +348,11 @@ can thus behave like a "mini CA".
 =over 4
-=item B<-signkey> I<filename>
+=item B<-signkey> I<arg>
 This option causes the input file to be self signed using the supplied
-private key.
+private key or engine. The private key's format is specified with the
+B<-keyform> option.
 It sets the issuer name to the subject name (i.e., makes it self-issued)
 and changes the public key to the supplied value (unless overridden by

More information about the openssl-commits mailing list