[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Tue Aug 3 20:07:27 UTC 2021
The branch master has been updated
via 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (commit)
from ab98861e919b8f8f7fee3f2d44ef3b4b05908a25 (commit)
- Log -----------------------------------------------------------------
commit 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Mon Aug 2 17:00:51 2021 +0200
If we have passed the private key, don't copy it implicitly
Fixes #16197
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16199)
-----------------------------------------------------------------------
Summary of changes:
apps/req.c | 2 +-
doc/man1/openssl-req.pod.in | 11 ++++++-----
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index eb286f8a8e..5524092f2c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -686,7 +686,7 @@ int req_main(int argc, char **argv)
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
}
- if (keyout == NULL) {
+ if (keyout == NULL && keyfile == NULL) {
keyout = NCONF_get_string(req_conf, section, KEYFILE);
if (keyout == NULL)
ERR_clear_error();
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in
index 7897610818..75d0da1743 100644
--- a/doc/man1/openssl-req.pod.in
+++ b/doc/man1/openssl-req.pod.in
@@ -205,11 +205,12 @@ See L<openssl-format-options(1)> for details.
=item B<-keyout> I<filename>
This gives the filename to write any private key to that has been newly created
-or read from B<-key>.
-If the B<-keyout> option is not given the filename specified in the
-configuration file with the B<default_keyfile> option is used, if present.
-If a new key is generated and no filename is specified
-the key is written to standard output.
+or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option
+are given then the filename specified in the configuration file with the
+B<default_keyfile> option is used, if present. Thus, if you want to write the
+private key and the B<-key> option is provided, you should provide the
+B<-keyout> option explicitly. If a new key is generated and no filename is
+specified the key is written to standard output.
=item B<-noenc>
More information about the openssl-commits
mailing list