[openssl] master update

dev at ddvo.net dev at ddvo.net
Fri Feb 19 15:58:40 UTC 2021


The branch master has been updated
       via  5e128ed1209335fb72fe50a68640331e354cbea6 (commit)
       via  a3361c3755f4127a8017acf84aa924a5b8e52ff9 (commit)
      from  c2279499fd17673b631785887c339cf35f088c41 (commit)


- Log -----------------------------------------------------------------
commit 5e128ed1209335fb72fe50a68640331e354cbea6
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Jan 20 20:41:15 2021 +0100

    CMP: Fix total_timeout behavior; small doc and diagnostic improvements
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14019)

commit a3361c3755f4127a8017acf84aa924a5b8e52ff9
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sat Jan 23 12:52:21 2021 +0100

    81-test_cmp_cli_data: fixup on CSR test cases
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14019)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c                                         | 31 ++++++----
 crypto/cmp/cmp_client.c                            | 71 +++++++++++-----------
 crypto/cmp/cmp_msg.c                               |  4 ++
 doc/man1/openssl-cmp.pod.in                        | 16 ++---
 test/recipes/80-test_cmp_http_data/Mock/csr.pem    | 21 +++++--
 .../80-test_cmp_http_data/test_commands.csv        |  2 +-
 .../80-test_cmp_http_data/test_enrollment.csv      |  4 +-
 7 files changed, 82 insertions(+), 67 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 887ec5d22e..5778fd95a7 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -697,12 +697,13 @@ static void warn_cert_msg(const char *uri, X509 *cert, const char *msg)
 
 static void warn_cert(const char *uri, X509 *cert, int warn_EE)
 {
+    uint32_t ex_flags = X509_get_extension_flags(cert);
     int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert),
                                  X509_get0_notAfter(cert));
 
     if (res != 0)
         warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid");
-    if (warn_EE && (X509_get_extension_flags(cert) & EXFLAG_CA) == 0)
+    if (warn_EE && (ex_flags & EXFLAG_V1) == 0 && (ex_flags & EXFLAG_CA) == 0)
         warn_cert_msg(uri, cert, "is not a CA cert");
 }
 
@@ -788,14 +789,14 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
         return 0;
     }
     if (*filenames == NULL) {
-        CMP_err("Not enough file names provided for writing PKIMessage");
+        CMP_err("not enough file names provided for writing PKIMessage");
         return 0;
     }
 
     file = *filenames;
     *filenames = next_item(file);
     if (OSSL_CMP_MSG_write(file, msg) < 0) {
-        CMP_err1("Cannot write PKIMessage to file '%s'", file);
+        CMP_err1("cannot write PKIMessage to file '%s'", file);
         return 0;
     }
     return 1;
@@ -812,7 +813,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
         return NULL;
     }
     if (*filenames == NULL) {
-        CMP_err("Not enough file names provided for reading PKIMessage");
+        CMP_err("not enough file names provided for reading PKIMessage");
         return NULL;
     }
 
@@ -821,7 +822,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
 
     ret = OSSL_CMP_MSG_read(file);
     if (ret == NULL)
-        CMP_err1("Cannot read PKIMessage from file '%s'", file);
+        CMP_err1("cannot read PKIMessage from file '%s'", file);
     return ret;
 }
 
@@ -1654,9 +1655,9 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 
     if (opt_csr != NULL) {
         if (opt_cmd == CMP_GENM) {
-            CMP_warn("-csr option is ignored for genm command");
+            CMP_warn("-csr option is ignored for command 'genm'");
         } else {
-            csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr");
+            csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR");
             if (csr == NULL)
                 return 0;
             if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) {
@@ -1737,10 +1738,14 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 
     if (opt_oldcert != NULL) {
         if (opt_cmd == CMP_GENM) {
-            CMP_warn("-oldcert option is ignored for genm command");
+            CMP_warn("-oldcert option is ignored for command 'genm'");
         } else {
             X509 *oldcert = load_cert_pwd(opt_oldcert, opt_keypass,
-                                          "certificate to be updated/revoked");
+                                          opt_cmd == CMP_KUR ?
+                                          "certificate to be updated" :
+                                          opt_cmd == CMP_RR ?
+                                          "certificate to be revoked" :
+                                          "reference certificate (oldcert)");
             /* opt_keypass needed if opt_oldcert is an encrypted PKCS#12 file */
 
             if (oldcert == NULL)
@@ -1892,7 +1897,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
         char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert;
 
         if (ref_cert == NULL && opt_csr == NULL) {
-            CMP_err("missing -oldcert or -csr option for certificate to be updated");
+            CMP_err("missing -oldcert for certificate to be updated and no fallback -csr given");
             goto err;
         }
         if (opt_subject != NULL)
@@ -1901,11 +1906,11 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
     }
     if (opt_cmd == CMP_RR) {
         if (opt_oldcert == NULL && opt_csr == NULL) {
-            CMP_err("missing certificate to be revoked and no fallback -csr given");
+            CMP_err("missing -oldcert for certificate to be revoked and no fallback -csr given");
             goto err;
         }
         if (opt_oldcert != NULL && opt_csr != NULL)
-            CMP_warn("Ignoring -csr since certificate to be revoked is given");
+            CMP_warn("ignoring -csr since certificate to be revoked is given");
     }
     if (opt_cmd == CMP_P10CR && opt_csr == NULL) {
         CMP_err("missing PKCS#10 CSR for p10cr");
@@ -2787,7 +2792,7 @@ int cmp_main(int argc, char **argv)
             if (req != NULL) {
                 if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) {
                     (void)http_server_send_status(cbio, 404, "Not Found");
-                    CMP_err1("Expecting empty path or 'pkix/' but got '%s'",
+                    CMP_err1("expecting empty path or 'pkix/' but got '%s'",
                              path);
                     OPENSSL_free(path);
                     OSSL_CMP_MSG_free(req);
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 985a474c48..00c5256013 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -129,6 +129,9 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
 static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
                               OSSL_CMP_MSG **rep, int expected_type)
 {
+    int is_enrollment = IS_CREP(expected_type)
+        || expected_type == OSSL_CMP_PKIBODY_POLLREP
+        || expected_type == OSSL_CMP_PKIBODY_PKICONF;
     const char *req_type_str =
         ossl_cmp_bodytype_to_string(ossl_cmp_msg_get_bodytype(req));
     const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type);
@@ -143,14 +146,13 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
 
     *rep = NULL;
     msg_timeout = ctx->msg_timeout; /* backup original value */
-    if ((IS_CREP(expected_type) || expected_type == OSSL_CMP_PKIBODY_POLLREP)
-            && ctx->total_timeout > 0 /* timeout is not infinite */) {
+    if (is_enrollment && ctx->total_timeout > 0 /* timeout is not infinite */) {
         if (now >= ctx->end_time) {
             ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
             return 0;
         }
         if (!ossl_assert(ctx->end_time - time(NULL) < INT_MAX)) {
-            /* cannot really happen due to the assignment in do_certreq_seq() */
+            /* actually cannot happen due to assignment in initial_certreq() */
             ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
             return 0;
         }
@@ -168,7 +170,9 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
     ctx->msg_timeout = msg_timeout; /* restore original value */
 
     if (*rep == NULL) {
-        ERR_raise_data(ERR_LIB_CMP, CMP_R_TRANSFER_ERROR, /* or receiving response */
+        ERR_raise_data(ERR_LIB_CMP,
+                       ctx->total_timeout > 0 && time(NULL) >= ctx->end_time ?
+                       CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR,
                        "request sent: %s, expected response: %s",
                        req_type_str, expected_type_str);
         return 0;
@@ -641,10 +645,32 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
     return ret;
 }
 
+static int initial_certreq(OSSL_CMP_CTX *ctx,
+                           int req_type, const OSSL_CRMF_MSG *crm,
+                           OSSL_CMP_MSG **p_rep, int rep_type)
+{
+    OSSL_CMP_MSG *req;
+    int res;
+
+    ctx->status = -1;
+    if (!ossl_cmp_ctx_set0_newCert(ctx, NULL))
+        return 0;
+
+    if (ctx->total_timeout > 0) /* else ctx->end_time is not used */
+        ctx->end_time = time(NULL) + ctx->total_timeout;
+
+    /* also checks if all necessary options are set */
+    if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
+        return 0;
+
+    res = send_receive_check(ctx, req, p_rep, rep_type);
+    OSSL_CMP_MSG_free(req);
+    return res;
+}
+
 int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
                          const OSSL_CRMF_MSG *crm, int *checkAfter)
 {
-    OSSL_CMP_MSG *req = NULL;
     OSSL_CMP_MSG *rep = NULL;
     int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
     int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
@@ -657,18 +683,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
     }
 
     if (ctx->status != OSSL_CMP_PKISTATUS_waiting) { /* not polling already */
-        ctx->status = -1;
-        if (!ossl_cmp_ctx_set0_newCert(ctx, NULL))
-            return 0;
-
-        if (ctx->total_timeout > 0) /* else ctx->end_time is not used */
-            ctx->end_time = time(NULL) + ctx->total_timeout;
-
-        req = ossl_cmp_certreq_new(ctx, req_type, crm);
-        if (req == NULL) /* also checks if all necessary options are set */
-            return 0;
-
-        if (!send_receive_check(ctx, req, &rep, rep_type))
+        if (!initial_certreq(ctx, req_type, crm, &rep, rep_type))
             goto err;
     } else {
         if (req_type < 0)
@@ -684,7 +699,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
                         req_type, rep_type);
 
  err:
-    OSSL_CMP_MSG_free(req);
     OSSL_CMP_MSG_free(rep);
     return res;
 }
@@ -701,7 +715,6 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
                             const OSSL_CRMF_MSG *crm)
 {
 
-    OSSL_CMP_MSG *req = NULL;
     OSSL_CMP_MSG *rep = NULL;
     int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
     int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
@@ -712,23 +725,8 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
         ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
         return NULL;
     }
-    if (is_p10 && crm != NULL) {
-        ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
-        return NULL;
-    }
-
-    ctx->status = -1;
-    if (!ossl_cmp_ctx_set0_newCert(ctx, NULL))
-        return NULL;
-
-    if (ctx->total_timeout > 0) /* else ctx->end_time is not used */
-        ctx->end_time = time(NULL) + ctx->total_timeout;
 
-    /* OSSL_CMP_certreq_new() also checks if all necessary options are set */
-    if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
-        goto err;
-
-    if (!send_receive_check(ctx, req, &rep, rep_type))
+    if (!initial_certreq(ctx, req_type, crm, &rep, rep_type))
         goto err;
 
     if (cert_response(ctx, 1 /* sleep */, rid, &rep, NULL, req_type, rep_type)
@@ -737,7 +735,6 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
 
     result = ctx->newCert;
  err:
-    OSSL_CMP_MSG_free(req);
     OSSL_CMP_MSG_free(rep);
     return result;
 }
@@ -818,7 +815,7 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
         goto err;
     }
 
-    /* check any pretent CertId in optional revCerts field */
+    /* check any present CertId in optional revCerts field */
     if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) >= 1) {
         OSSL_CRMF_CERTID *cid;
         OSSL_CRMF_CERTTEMPLATE *tmpl =
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 36256b3d1d..8514336801 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -352,6 +352,10 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
         ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
         return NULL;
     }
+    if (type == OSSL_CMP_PKIBODY_P10CR && crm != NULL) {
+        ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
+        return NULL;
+    }
 
     if ((msg = ossl_cmp_msg_create(ctx, type)) == NULL)
         goto err;
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 9800de6465..dcb3ceedac 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -218,9 +218,9 @@ initialized to the PKI hierarchy.
 B<p10cr> requests issuing an additional certificate similarly to B<cr>
 but using PKCS#10 CSR format.
 
-B<kur> requests a (key) update for an existing, given certificate.
+B<kur> requests a (key) update for an existing certificate.
 
-B<rr> requests revocation of an existing, given certificate.
+B<rr> requests revocation of an existing certificate.
 
 B<genm> requests information using a General Message, where optionally
 included B<InfoTypeAndValue>s may be used to state which info is of interest.
@@ -344,10 +344,10 @@ is provided via the B<-newkey> or B<-key> options.
 =item B<-csr> I<filename>
 
 PKCS#10 CSR in PEM or DER format containing a certificate request.
-When used with a with B<-cmd> I<p10cr> used directly in a legacy P10CR message.
-When used with B<-cmd> I<ir>, I<cr>, or I<kur>, it is tranformed into the
+With B<-cmd> I<p10cr> it is used directly in a legacy P10CR message.
+When used with B<-cmd> I<ir>, I<cr>, or I<kur>, it is transformed into the
 respective regular CMP request.
-It may also be used with B<-cmd> I<rr> to specifiy the certificate to be revoked
+It may also be used with B<-cmd> I<rr> to specify the certificate to be revoked
 via the included subject and public key.
 
 =item B<-out_trusted> I<filenames>|I<uris>
@@ -392,12 +392,12 @@ The file where the chain of the newly enrolled certificate should be saved.
 The certificate to be updated (i.e., renewed or re-keyed) in Key Update Request
 (KUR) messages or to be revoked in Revocation Request (RR) messages.
 For RR the certificate to be revoked can also be specified using B<-csr>.
-For KUR certificate to be updated defaults to B<-cert>, and the resulting certificate is called
-I<reference certificate>.
+For KUR the certificate to be updated defaults to B<-cert>,
+and the resulting certificate is called I<reference certificate>.
 
 The reference certificate, if any, is also used for
 deriving default subject DN and Subject Alternative Names and the
-default issuer entry in the requested certificate template of a IR/CR/KUR.
+default issuer entry in the requested certificate template of an IR/CR/KUR.
 Its subject is used as sender of outgoing messages if B<-cert> is not given.
 Its issuer is used as default recipient in CMP message headers
 if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
diff --git a/test/recipes/80-test_cmp_http_data/Mock/csr.pem b/test/recipes/80-test_cmp_http_data/Mock/csr.pem
index 8d20bc011c..f8591522b0 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/csr.pem
+++ b/test/recipes/80-test_cmp_http_data/Mock/csr.pem
@@ -1,8 +1,17 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIHxMIGXAgEAMAwxCjAIBgNVBAMMAXgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
-AAQe6gjg9c+IFRkK35/7OgK5/rcoUMPxDKkgzNq6DtUm5l3BTZIZO6xe8OvI503Z
-+mntgoUUvD7JNn6mDq0V3LuMoCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwID6DAKBggqhkjOPQQDAgNJADBGAiEA6UNz3byazvlD6yIFySFM
-NKQv+YWWHphH3bIcT7NbvLwCIQCWc8ONyVmhz0tlsXtXEkBvPeWNeaIb+GPH9Dp5
-GvQuEw==
+MIICszCCAZ0CAQAwVDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAxMEbGVh
+ZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9EKPVgvwSgO9C7UCXc
+FRkl6q/Xbrd3EJohc02/0mlpXYzk9bETQxcUs3UyY1P/HCAxGb2kyMEcT/3bVUC4
+3PuI861MM/dzbmWJbBFlBFIOC6537NDc+dMh5OKyYVcVo2/CIv8EQVYlhxRMT+ws
+E5F4k3JQtWwqk7lpI8Rd7YU307LbUcmO6jZM9iaTcdILg/L+KLUKGIwOQBGbyuCF
+y8DsMaJecQUzLyK77339pJIfnOzgtkFW1E6MP6KaY6iCgsdpmjRwrSxUyRC3938L
+USSybMuHyhj9P+pKWXPEqfPFiuAeBWrhfSFdQpqACVAtbycYWoByCn1bRY1FrPBj
+6G0CAwEAAaAcMBoGCSqGSIb3DQEJDjENMAswCQYDVR0TBAIwADALBgkqhkiG9w0B
+AQsDggEBAK7GB08OLpPGY2QWJ++vZhqbFZAO4Y3/PsfnzKjM7OFyA6lJafqGXjmO
+U+R63oHAJYhThKrpo4X91YTUgL8HI8eicM+vn3HQDRw2DKgoQcpTk9y3Hqj4YEhA
+gRLzvd4Pe7kowVtNKzqjQA2WcerZC+5XEYd88JisB1Vxijm7KmYsmili3MbR3row
+idelrt6UfyH23ytfurZvOOvawpm3Z8bilh6SY1WNSlRKwSntY9DOw8izTiimGlru
+A+TwtQ5zObWfxB5oLQib13ttCh+0rZ7zAy35txFkiOAmUUYIyng6A8zsE4RO2RCa
+BYjeQvaCjBl0fn24JCWKxuT7xtkCzXc=
 -----END CERTIFICATE REQUEST-----
diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv
index 7feaebcdd0..ae9514db97 100644
--- a/test/recipes/80-test_cmp_http_data/test_commands.csv
+++ b/test/recipes/80-test_cmp_http_data/test_commands.csv
@@ -36,7 +36,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
 0, --- use csr for revocation ----, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK, -revreason,0, -csr,csr.pem
 0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
 1,without oldcert, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1,oldcert is directory, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,dir/,BLANK,cmp
+1,oldcert is directory, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,dir/,BLANK,
 1,oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK,
 1,empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK,
 1,oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0
diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
index d8d6cd2c6c..146fb0c1e1 100644
--- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv
+++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
@@ -85,8 +85,8 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val,
 1,oldcert empty file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert4.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,
 1,oldcert random contents, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert5.pem,, -out_trusted,root.crt,, -oldcert,random.bin,BLANK,,,
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-0,csr used in ir, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_csr_ignored.pem,, -out_trusted,root.crt,,BLANK,, -csr,csr.pem,,
-0,p10cr csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_p10cr.pem,, -out_trusted,root.crt,,BLANK,, -csr,csr.pem,,
+0,csr used in ir, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_csr.pem,, -out_trusted,root.crt,,BLANK,, -csr,csr.pem,,
+0,p10cr csr present, -section,, -cmd,p10cr,BLANK,,, BLANK,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_p10cr.pem,, -out_trusted,root.crt,,BLANK,, -csr,csr.pem,,
 1,p10cr csr missing, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_p10cr1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
 1,p10cr csr missing arg, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_p10cr1.pem,, -out_trusted,root.crt,,BLANK,, -csr,,,
 1,p10cr csr directory, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_p10cr2.pem,, -out_trusted,root.crt,,BLANK,, -csr,dir/,,


More information about the openssl-commits mailing list