public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix regression on x509 keyform argument

Browse source 
In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
which doesn't support engine. This changes type of keyform argument
to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
including keyform and CAkeyform.

This restores the pre 1.1.0 behavior.

This issue is very similar than https://github.com/openssl/openssl/issues/4366

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10609)
This commit is contained in:
Jussi Keranen 2019-12-11 15:08:04 +02:00 committed by Richard Levitte
parent 625c781dc7
commit 0ab6fc79a9
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apps/x509.c
View file

@ -78,7 +78,7 @@ const OPTIONS x509_options[] = {
{"outform", OPT_OUTFORM, 'f',
"Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
OPT_SECTION("Output"),
@ -231,7 +231,7 @@ int x509_main(int argc, char **argv)
goto opthelp;
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
goto opthelp;
break;
case OPT_CAFORM:

4
doc/man1/openssl-x509.pod.in
View file

@ -11,9 +11,9 @@ B<openssl> B<x509>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-keyform> B<DER>|B<PEM>]
[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
[B<-CAform> B<DER>|B<PEM>]
[B<-CAkeyform> B<DER>|B<PEM>]
[B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-serial>]