[openssl-dev] [openssl.org #4687] Bug in apps/req.c introduced in openssl 1.0.2i
scott.openssl@scottrix.co.uk via RT
rt at openssl.org
Wed Sep 28 11:30:33 UTC 2016
Hi,
When trying to generate a self-signed certificate from a previously
generated CSR with the command line:
openssl req -x509 -key privkey.pem -in csr.pem -out selfsigned.pem
it now prompts for country code etc. which is stored in the CSR. This
change in behavior was introduced by:
commit fd7ca7465b67336b8950a505b6d2adee867a78f7
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Aug 22 15:22:17 2016 +0200

    Make 'openssl req -x509' more equivalent to 'openssl req -new'

    The following would fail, or rather, freeze:

        openssl genrsa -out rsa2048.pem 2048
        openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem

    In that case, the second command wants to read a certificate request
    from stdin, because -x509 wasn't fully flagged as being for creating
    something new. This change makes it fully flagged.

    RT#4655

    Reviewed-by: Andy Polyakov <appro at openssl.org>

My proposed patch is:
diff -Nru openssl-1.0.2i/apps/req.c openssl-1.0.2i-1/apps/req.c
--- openssl-1.0.2i/apps/req.c 2016-09-22 19:59:10.000000000 +0100
+++ openssl-1.0.2i-1/apps/req.c 2016-09-27 17:37:07.917660064 +0100
@@ -787,7 +787,7 @@
BIO_printf(bio_err, "-----\n");
}
- if (!newreq) {
+ if (!newreq || (x509 && infile)) {
/*
* Since we are using a pre-existing certificate request, the
* kludge
* 'format' info should not be changed.
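Review bot: the added `(x509 && infile)` term in the `if (!newreq ...)` test at line 787 compensates for the flag at one use site instead of where `newreq` is set, so any other `newreq` check in apps/req.c that this patch does not touch still treats `-x509 -in csr.pem` as a new request. The report is about being prompted for the country code, while the context comment describes this branch as preserving the 'format' info of a pre-existing request, so please confirm the prompting path is skipped as well. Consider leaving `newreq` unset when `-x509` is combined with `-in`, and write the pointer test explicitly as `infile != NULL`.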
Scott Harrison
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4687
Please log in as guest with password guest if prompted
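
A regression check for the behaviour reported above, as an added example that is not part of the original message or of OpenSSL's own tests: it builds a CSR, self-signs from it with stdin closed so that any prompt fails, and compares the two subjects. The function names, the subject string and the minimal config are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that `openssl req -x509 -key ... -in csr.pem`
# reuses the subject stored in the CSR instead of prompting for it.

# Print the subject of a CSR (req) or certificate (x509) in RFC 2253 form,
# with the "subject=" prefix stripped so output is comparable across versions.
subject_of() {   # $1 = req | x509, $2 = PEM file
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# Exit status 0: the certificate subject equals the CSR subject.
# Exit status 1: a step failed (for example a prompt hit EOF) or they differ.
# The body runs in a subshell so cd, trap and OPENSSL_CONF stay local.
check_selfsign_from_csr() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Constructed minimal config with prompting left enabled, so a build
    # that wrongly treats -x509 -in as a new request would try to prompt.
    cat > openssl.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
countryName = Country Name (2 letter code)
commonName = Common Name
EOF
    OPENSSL_CONF=$dir/openssl.cnf
    export OPENSSL_CONF

    openssl genrsa -out privkey.pem 2048 2>/dev/null || exit 1
    # Constructed subject; -subj avoids prompting while creating the CSR.
    openssl req -new -key privkey.pem \
        -subj "/C=GB/O=Constructed Example/CN=rt4687.test" \
        -out csr.pem 2>/dev/null || exit 1

    # The command line from the report, with stdin closed.
    openssl req -x509 -key privkey.pem -in csr.pem -out selfsigned.pem \
        </dev/null 2>/dev/null || exit 1

    want=$(subject_of req csr.pem)
    got=$(subject_of x509 selfsigned.pem)
    [ -n "$want" ] && [ "$want" = "$got" ]
)
```

Call `check_selfsign_from_csr` and test its exit status; a non-zero status on a given build means self-signing from a CSR no longer takes the subject from the CSR.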