From 16d560439d8b1be5082228a87576a8f79b3525ac Mon Sep 17 00:00:00 2001 From: Bastian Germann Date: Thu, 13 Feb 2020 11:58:27 +0100 Subject: [PATCH] apps x509: passing PKCS#11 URL as -signkey OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it. Change the option parsing to allow an engine URL to be passed and modify the manpage accordingly. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11086) --- apps/x509.c | 2 +- doc/man1/openssl-x509.pod.in | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index c00753797e..7403669863 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -128,7 +128,7 @@ const OPTIONS x509_options[] = { {"setalias", OPT_SETALIAS, 's', "Set certificate alias"}, {"days", OPT_DAYS, 'n', "How long till expiry of a signed certificate - def 30 days"}, - {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, + {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"}, {"certopt", OPT_CERTOPT, 's', "Various certificate text options"}, diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 3da2b0d122..50496984f8 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -45,7 +45,7 @@ B B [B<-setalias> I] [B<-days> I] [B<-set_serial> I] -[B<-signkey> I] +[B<-signkey> I] [B<-badsig>] [B<-passin> I] [B<-x509toreq>] 
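Review bot: The help string on the changed `signkey` entry still reads "Self sign cert with arg", although with type `'s'` the argument is now accepted as an arbitrary string that may name a key file or an engine key; I would change the entry to `{"signkey", OPT_SIGNKEY, 's', "Self sign cert with key from file or engine (see -keyform)"},`. Dropping the `'<'` type presumably also drops the parse-time input-file check the commit message refers to, so a mistyped path, or a PKCS#11 URL given without the engine key format, will only fail when the key is loaded. That load path is outside this hunk, so it is worth confirming that it reports the failure clearly rather than falling through. Because a PKCS#11 URL can carry a PIN attribute, the man page section for `-signkey` could also point users to `-passin`, which keeps the PIN out of the command line and process listing. The `x509_options` table starts and ends outside the hunk.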
@@ -348,10 +348,11 @@ can thus behave like a "mini CA". =over 4 -=item B<-signkey> I +=item B<-signkey> I This option causes the input file to be self signed using the supplied -private key. +private key or engine. The private key's format is specified with the +B<-keyform> option. It sets the issuer name to the subject name (i.e., makes it self-issued) and changes the public key to the supplied value (unless overridden by -- 2.25.1