Enable openssl req -x509 to create certificates from CSRs

`openssl req -x509` has code allowing it to generate certificates from CSRs as a replacement for `openssl x509`, but a bug prevents it from working properly. -CA and -CAkey can now be passed to generate a CA-signed certificate as documented in openssl-req(1). Regression testing has been added to `openssl req`. Fixes #17736. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17782)
author: Hugo Landau <hlandau@openssl.org> 2022-03-01 12:55:03 +0000
committer: Tomas Mraz <tomas@openssl.org> 2022-03-03 10:21:51 +0100
commit: df5c86e9f80d14d699bad4c8889292fd9b4bd7ba (patch)
tree: 42b0f5817207365a6bb2db8a68da4b6c6b2e7dd6 /apps
parent: 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/req.c b/apps/req.c
index 76b337f6bc..7e59e673e0 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -765,8 +765,9 @@ int req_main(int argc, char **argv)
         }
     }
     if (newreq || gen_x509) {
-        if (pkey == NULL /* can happen only if !newreq */) {
-            BIO_printf(bio_err, "Must provide a signature key using -key\n");
+        if (CAcert == NULL && pkey == NULL) {
+            BIO_printf(bio_err, "Must provide a signature key using -key or"
+                " provide -CA / -CAkey\n");
             goto end;
         }
author	Hugo Landau <hlandau@openssl.org>	2022-03-01 12:55:03 +0000
committer	Tomas Mraz <tomas@openssl.org>	2022-03-03 10:21:51 +0100
commit	df5c86e9f80d14d699bad4c8889292fd9b4bd7ba (patch)
tree	42b0f5817207365a6bb2db8a68da4b6c6b2e7dd6 /apps
parent	8bfb7506d210841f2ee4eda8afe96441a0e33fa5 (diff)