diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-26 09:22:48 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-05-27 11:06:01 +0200 |
| commit | 8b893c35da65c7b9a126c779caf42500e1297e7d (patch) | |
| tree | cebb3360c43033445dd37f598263e63db2fa5a25 | |
| parent | 54e8f7259bec08a6655a0693a315a75d9ce65e95 (diff) | |
| download | openssl-8b893c35da65c7b9a126c779caf42500e1297e7d.tar.gz | |
APPS req: Extend the -keyout option to be respected also with -key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
| -rw-r--r-- | apps/req.c | 23 | ||||
| -rw-r--r-- | doc/man1/openssl-req.pod.in | 10 |
2 files changed, 19 insertions, 14 deletions
diff --git a/apps/req.c b/apps/req.c index 9edb1deb96..a9769b7452 100644 --- a/apps/req.c +++ b/apps/req.c @@ -142,7 +142,7 @@ const OPTIONS req_options[] = { {"key", OPT_KEY, 's', "Private key to use"}, {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, - {"keyout", OPT_KEYOUT, '>', "File to save newly created private key"}, + {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, {"passin", OPT_PASSIN, 's', "Private key and certificate password source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"newkey", OPT_NEWKEY, 's', @@ -676,17 +676,21 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_free(genctx); genctx = NULL; + } + if (keyout == NULL) { + keyout = NCONF_get_string(req_conf, section, KEYFILE); + if (keyout == NULL) + ERR_clear_error(); + } - if (keyout == NULL) { - keyout = NCONF_get_string(req_conf, section, KEYFILE); + if (pkey != NULL && (keyfile == NULL || keyout != NULL)) { + if (verbose) { + BIO_printf(bio_err, "Writing private key to "); if (keyout == NULL) - ERR_clear_error(); + BIO_printf(bio_err, "stdout\n"); + else + BIO_printf(bio_err, "'%s'\n", keyout); } - - if (keyout == NULL) - BIO_printf(bio_err, "Writing new private key to stdout\n"); - else - BIO_printf(bio_err, "Writing new private key to '%s'\n", keyout); out = bio_open_owner(keyout, outformat, newreq); if (out == NULL) goto end; @@ -705,7 +709,6 @@ int req_main(int argc, char **argv) i = 0; loop: - assert(newreq); if (!PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, passout)) { if ((ERR_GET_REASON(ERR_peek_error()) == diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 4cec47f02c..7897610818 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -204,10 +204,12 @@ See L<openssl-format-options(1)> for details. =item B<-keyout> I<filename> -This gives the filename to write any newly created private key to. -If this option is not given then the filename specified in the configuration -file with the B<default_keyfile> option is used if present, -else the key is written to standard output. +This gives the filename to write any private key to that has been newly created +or read from B<-key>. +If the B<-keyout> option is not given the filename specified in the +configuration file with the B<default_keyfile> option is used, if present. +If a new key is generated and no filename is specified +the key is written to standard output. =item B<-noenc> |