authorDavid von Oheimb <David.von.Oheimb@siemens.com>2017-12-14 08:04:00 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-11-19 11:36:02 +0100
commitc1097eecdfe438bcb18b3f556ca4e5dec0748cfc (patch)
treec010dcfc1868c672d0831d0bd6f299d2a38af37b
parentd7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74 (diff)
apps/ca: Minor code and doc cleanup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
-rwxr-xr-xapps/ca.c9
-rw-r--r--doc/man1/openssl-ca.pod.in2
2 files changed, 7 insertions, 4 deletions
diff --git a/apps/ca.c b/apps/ca.c
index b2866f63d6..a9f4de8bc1 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -100,7 +100,7 @@ static int certify(X509 **xret, const char *infile, int informat,
long days, int batch, const char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, const char *infile, int informat,
+static int certify_cert(X509 **xret, const char *infile, int certformat,
const char *passin, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
@@ -211,9 +211,11 @@ const OPTIONS ca_options[] = {
OPT_SECTION("Signing"),
{"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)"},
{"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"},
- {"key", OPT_KEY, 's', "Key to decrypt key or cert files. Better use -passin"},
+ {"key", OPT_KEY, 's',
+ "Key to decrypt the private key or cert files if encrypted. Better use -passin"},
{"cert", OPT_CERT, '<', "The CA cert"},
{"certform", OPT_CERTFORM, 'F',
"Certificate input format (DER/PEM/P12); has no effect"},
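Review bot: The reworded `-key` help string still ends in "Better use -passin" without saying why, which is the part a user needs in order to act on it. The option takes the secret itself as a command-line argument, so it can end up in the process list and in shell history, whereas `-passin` can name a source that keeps it out of argv. A wording such as `"Pass phrase for the private key or cert files; exposed on the command line, prefer -passin"` would carry the reason. The `ca_options[]` table starts and ends outside the hunk.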
@@ -580,6 +582,7 @@ end_of_options:
}
}
pkey = load_key(keyfile, keyformat, 0, passin, e, "CA private key");
+ cleanse(passin);
if (pkey == NULL)
/* load_key() has already printed an appropriate message */
goto end;
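Review bot: The `cleanse(passin);` added directly after `load_key()` wipes the pass phrase while the buffer may still have readers further down. The `certify_cert()` prototype earlier in this file takes a `const char *passin`, and the `-passin` help text describes it as the source for both key and cert files, so any certificate load that runs after this line (not visible in the hunk) would presumably receive an emptied string. If that is the case, move the wipe after the last reader, for example a single `cleanse(passin);` at the `end:` label, provided `cleanse()` tolerates NULL, which is not shown here. Otherwise document the constraint in place with `/* passin is wiped from here on; later loads must not rely on it */`. The enclosing function starts and ends outside the hunk.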
diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in
index bfb8f1a30d..0c53b5935c 100644
--- a/doc/man1/openssl-ca.pod.in
+++ b/doc/man1/openssl-ca.pod.in
@@ -198,7 +198,7 @@ self-signed certificate.
=item B<-passin> I<arg>
-The key and certificate password source.
+The password source for key files and certificate PKCS#12 files.
For more information about the format of B<arg>
see L<openssl(1)/Pass Phrase Options>.