From: Tomas Mraz Date: Wed, 17 May 2017 13:37:39 +0000 (+0200) Subject: Fix regression in openssl req -x509 behaviour. X-Git-Tag: OpenSSL_1_0_2l~4 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d130456f738cfd7dfb9e192aa6d1848f5faebbf0;p=oweals%2Fopenssl.git Fix regression in openssl req -x509 behaviour. Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3485) --- diff --git a/apps/req.c b/apps/req.c index cdea1f6111..ede1d32cae 100644 --- a/apps/req.c +++ b/apps/req.c @@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 30653e5093..1682ba5143 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate using the B option, a large random number will be used for the serial number. +If existing request is specified with the B<-in> option, it is converted +to the self signed certificate otherwise new request is created. + =item B<-days n> when the B<-x509> option is being used this specifies the number of