diff options
| author | Richard Levitte <levitte@openssl.org> | 2016-08-22 15:22:17 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2016-08-22 15:47:49 +0200 |
| commit | fd7ca7465b67336b8950a505b6d2adee867a78f7 (patch) | |
| tree | a93c3e865b88a66b63bf8d8417bcd4e557fefe2f | |
| parent | 9c8bca1c206df7886aaef4692badc4049b488e40 (diff) | |
| download | openssl-fd7ca7465b67336b8950a505b6d2adee867a78f7.tar.gz | |
Make 'openssl req -x509' more equivalent to 'openssl req -new'
The following would fail, or rather, freeze:
openssl genrsa -out rsa2048.pem 2048
openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem
In that case, the second command wants to read a certificate request
from stdin, because -x509 wasn't fully flagged as being for creating
something new. This changes makes it fully flagged.
RT#4655
Reviewed-by: Andy Polyakov <appro@openssl.org>
| -rw-r--r-- | apps/req.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/apps/req.c b/apps/req.c index 46255f5fe6..d1411c91bb 100644 --- a/apps/req.c +++ b/apps/req.c @@ -332,9 +332,10 @@ int MAIN(int argc, char **argv) subject = 1; else if (strcmp(*argv, "-text") == 0) text = 1; - else if (strcmp(*argv, "-x509") == 0) + else if (strcmp(*argv, "-x509") == 0) { + newreq = 1; x509 = 1; - else if (strcmp(*argv, "-asn1-kludge") == 0) + } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; else if (strcmp(*argv, "-no-asn1-kludge") == 0) kludge = 0; @@ -756,7 +757,7 @@ int MAIN(int argc, char **argv) } } - if (newreq || x509) { + if (newreq) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; |