[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Wed Feb 26 16:24:40 UTC 2020

The branch master has been updated
       via  d4c3bdb0f1fffeab899926a85f1b27aabcfd9fa4 (commit)
      from  38e6c4907e3b81f05d384d2c938c55762221de63 (commit)

- Log -----------------------------------------------------------------
commit d4c3bdb0f1fffeab899926a85f1b27aabcfd9fa4
Author: Bastian Germann <bage at linutronix.de>
Date:   Thu Feb 13 11:45:50 2020 +0100

    apps x509: restrict CAkeyform option to OPT_FMT_PDE
    CAkeyform may be set to PEM, DER or ENGINE, but the current options
    are not using the proper optionformat 'E' (OPT_FMT_PDE) for this.
    Set the valtype for CAkeyform to 'E' and use OPT_FMT_PDE when extracting
    the option value.
    This amends 0ab6fc79a9a ("Fix regression on x509 keyform argument") which
    did the same thing for keyform and changed the manpage synopsis entries
    for both keyform and CAkeyform but did not change the option section.
    Hence, change the option section for both of them.
    CLA: trivial
    Co-developed-by: Torben Hohn <torben.hohn at linutronix.de>
    Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
    Signed-off-by: Bastian Germann <bage at linutronix.de>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11085)


Summary of changes:
 apps/x509.c                  | 4 ++--
 doc/man1/openssl-x509.pod.in | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 7403669863..a8ec118180 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -145,7 +145,7 @@ const OPTIONS x509_options[] = {
     {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
     {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
-    {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
+    {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"},
     {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
     {"CAcreateserial", OPT_CACREATESERIAL, '-',
      "Create serial number file if it does not exist"},
@@ -239,7 +239,7 @@ int x509_main(int argc, char **argv)
                 goto opthelp;
         case OPT_CAKEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat))
                 goto opthelp;
         case OPT_OUT:
diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index 50496984f8..1ec2110100 100644
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -383,12 +383,12 @@ certificate is being created from another certificate (for example with
 the B<-signkey> or the B<-CA> options). Normally all extensions are
-=item B<-keyform> B<DER>|B<PEM>
+=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
 The key format; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.
-=item B<-CAform> B<DER>|B<PEM>, B<-CAkeyform> B<DER>|B<PEM>
+=item B<-CAform> B<DER>|B<PEM>, B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>
 The format for the CA certificate and key; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.

More information about the openssl-commits mailing list