[openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Sun Mar 8 15:49:52 UTC 2020

The branch OpenSSL_1_1_1-stable has been updated
       via  9aba5c5ff2ccfe59e1c7d77918804919d549ebbc (commit)
      from  4eca3ec728f328a1b05553814e58ca9aa1cb4e78 (commit)

- Log -----------------------------------------------------------------
commit 9aba5c5ff2ccfe59e1c7d77918804919d549ebbc
Author: Bastian Germann <bage at linutronix.de>
Date:   Thu Feb 13 11:58:27 2020 +0100

    apps x509: passing PKCS#11 URL as -signkey
    OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11
    engine URL to "-signkey" option. The actual code is ready to take it.
    Change the option parsing to allow an engine URL to be passed and modify
    the manpage accordingly.
    CLA: trivial
    (cherry picked from commit 16d560439d8b1be5082228a87576a8f79b3525ac)
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11173)


Summary of changes:
 apps/x509.c       | 2 +-
 doc/man1/x509.pod | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 79518a4e62..49117151e2 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -107,7 +107,7 @@ const OPTIONS x509_options[] = {
     {"checkend", OPT_CHECKEND, 'M',
      "Check whether the cert expires in the next arg seconds"},
     {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
-    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+    {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
     {"x509toreq", OPT_X509TOREQ, '-',
      "Output a certification request object"},
     {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index e498aee4ff..ab1a39c9c6 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -44,7 +44,7 @@ B<openssl> B<x509>
 [B<-setalias arg>]
 [B<-days arg>]
 [B<-set_serial n>]
-[B<-signkey filename>]
+[B<-signkey arg>]
 [B<-passin arg>]
@@ -350,10 +350,11 @@ can thus behave like a "mini CA".
 =over 4
-=item B<-signkey filename>
+=item B<-signkey arg>
 This option causes the input file to be self signed using the supplied
-private key.
+private key or engine. The private key's format is specified with the
+B<-keyform> option.
 If the input file is a certificate it sets the issuer name to the
 subject name (i.e.  makes it self signed) changes the public key to the

More information about the openssl-commits mailing list