[openssl] OpenSSL_1_1_1-stable update
Richard Levitte
levitte at openssl.org
Sun Mar 8 15:49:52 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via 9aba5c5ff2ccfe59e1c7d77918804919d549ebbc (commit)
from 4eca3ec728f328a1b05553814e58ca9aa1cb4e78 (commit)
- Log -----------------------------------------------------------------
commit 9aba5c5ff2ccfe59e1c7d77918804919d549ebbc
Author: Bastian Germann <bage at linutronix.de>
Date: Thu Feb 13 11:58:27 2020 +0100
apps x509: passing PKCS#11 URL as -signkey
OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11
engine URL to "-signkey" option. The actual code is ready to take it.
Change the option parsing to allow an engine URL to be passed and modify
the manpage accordingly.
CLA: trivial
(cherry picked from commit 16d560439d8b1be5082228a87576a8f79b3525ac)
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11173)
-----------------------------------------------------------------------
Summary of changes:
apps/x509.c | 2 +-
doc/man1/x509.pod | 7 ++++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/apps/x509.c b/apps/x509.c
index 79518a4e62..49117151e2 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -107,7 +107,7 @@ const OPTIONS x509_options[] = {
{"checkend", OPT_CHECKEND, 'M',
"Check whether the cert expires in the next arg seconds"},
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
- {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+ {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
{"x509toreq", OPT_X509TOREQ, '-',
"Output a certification request object"},
{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index e498aee4ff..ab1a39c9c6 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -44,7 +44,7 @@ B<openssl> B<x509>
[B<-setalias arg>]
[B<-days arg>]
[B<-set_serial n>]
-[B<-signkey filename>]
+[B<-signkey arg>]
[B<-passin arg>]
[B<-x509toreq>]
[B<-req>]
@@ -350,10 +350,11 @@ can thus behave like a "mini CA".
=over 4
-=item B<-signkey filename>
+=item B<-signkey arg>
This option causes the input file to be self signed using the supplied
-private key.
+private key or engine. The private key's format is specified with the
+B<-keyform> option.
If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to the
More information about the openssl-commits
mailing list