diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2017-05-11 14:25:17 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-05-11 17:22:38 +0200 |
commit | d9d4122dd15c388a245c4edb28144ea919f9ddf1 (patch) | |
tree | 6d1febbc29f96ab384072819bbdd776dd8f22d56 | |
parent | bc8a4d54a87b3ac3307683c94eccf5d817348000 (diff) |
Fix regression in openssl req -x509 behaviour.
Allow conversion of existing requests to certificates again.
Fixes the issue #3396
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3437)
(cherry picked from commit 888adbe064556ff5ab2f1d16a223b0548696614c)
-rw-r--r-- | apps/req.c | 6 | ||||
-rw-r--r-- | doc/apps/req.pod | 3 |
2 files changed, 7 insertions, 2 deletions
diff --git a/apps/req.c b/apps/req.c index a1cbfe2d2b..a749925ba0 100644 --- a/apps/req.c +++ b/apps/req.c @@ -289,7 +289,6 @@ int req_main(int argc, char **argv) break; case OPT_X509: x509 = 1; - newreq = 1; break; case OPT_DAYS: days = atoi(opt_arg()); @@ -329,6 +328,9 @@ int req_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (x509 && infile == NULL) + newreq = 1; + if (!nmflag_set) nmflag = XN_FLAG_ONELINE; @@ -583,7 +585,7 @@ int req_main(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 83b5704bd9..8cfe2bc5fa 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -233,6 +233,9 @@ a self signed root CA. The extensions added to the certificate using the B<set_serial> option, a large random number will be used for the serial number. +If existing request is specified with the B<-in> option, it is converted +to the self signed certificate otherwise new request is created. + =item B<-days n> when the B<-x509> option is being used this specifies the number of |