From d130456f738cfd7dfb9e192aa6d1848f5faebbf0 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 17 May 2017 15:37:39 +0200 Subject: [PATCH] Fix regression in openssl req -x509 behaviour. Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3485) --- apps/req.c | 6 ++++-- doc/apps/req.pod | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index cdea1f6111..ede1d32cae 100644 --- a/apps/req.c +++ b/apps/req.c @@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 30653e5093..1682ba5143 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate using the B option, a large random number will be used for the serial number. +If existing request is specified with the B<-in> option, it is converted +to the self signed certificate otherwise new request is created. + =item B<-days n> when the B<-x509> option is being used this specifies the number of -- 2.25.1