From b701fa8340944c2a0481457f96e7f38b03180c24 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 1 Nov 2017 17:09:06 +0100 Subject: [PATCH] Fix small but important regression In OpenSSL pre 1.1.0, 'openssl x509 -CAkeyformat engine' was possible and supported. In 1.1.0, a small typo ('F' instead of 'f') removed that possibility. This restores the pre 1.1.0 behavior. Fixes #4366 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/4643) (cherry picked from commit bd6eba79d70677f891f1bb55b6f5bc5602c47cbc) --- apps/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index 577c35dd41..cc5fbcaf1a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -123,7 +123,7 @@ OPTIONS x509_options[] = { {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, - {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"}, + {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, -- 2.25.1