From 65b3dff76b570dc0c893defa8014314c13c82c73 Mon Sep 17 00:00:00 2001
From: Rob Percival
Date: Fri, 13 Jan 2017 19:10:26 +0000
Subject: [PATCH] apps/req.c: flag "-new" is implied by "-precert"

Reviewed-by: Tim Hudson
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/843)
---
 apps/CA.pl.in | 2 +-
 apps/req.c | 7 +++----
 doc/man1/req.pod | 2 ++
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index b9b93cb452..ddbc70d710 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -125,7 +125,7 @@ if ($WHAT eq '-newcert' ) {
 print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-precert' ) {
 # create a pre-certificate
- $RET = run("$REQ -new -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
+ $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
 print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-newreq' ) {
 # create a certificate request
diff --git a/apps/req.c b/apps/req.c
index 8945cb6c01..ddb0fdce99 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -126,7 +126,7 @@ const OPTIONS req_options[] = {
 "Cert extension section (override value in config file)"},
 {"reqexts", OPT_REQEXTS, 's',
 "Request extension section (override value in config file)"},
- {"precert", OPT_PRECERT, '-', "Add a poison extension"},
+ {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
 {"", OPT_MD, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
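Review bot: In apps/CA.pl.in, the `-precert` branch's `run(...)` call no longer passes `-new` and nothing beside it says why, so the omission reads like a mistake to anyone who does not know the req change. The command now works only because `req` treats `-precert` as implying `-new`; `$REQ` is defined outside this hunk, so if it can resolve to an `openssl` binary other than the one built from this tree, that assumption is worth confirming. A one-line comment above the call would record the dependency: `# no -new needed: req's -precert implies it`.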
@@ -161,8 +161,7 @@ int req_main(int argc, char **argv)
 int pkey_type = -1, private = 0;
 int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
 int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
- int nodes = 0, newhdr = 0, subject = 0, pubkey = 0;
- int precert = 0;
+ int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
 long newkey = -1;
 unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
 char nmflag_set = 0;
@@ -321,7 +320,7 @@ int req_main(int argc, char **argv)
 req_exts = opt_arg();
 break;
 case OPT_PRECERT:
- precert = 1;
+ newreq = precert = 1;
 break;
 case OPT_MD:
 if (!opt_md(opt_unknown(), &md_alg))
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index 5ac629aa44..641d8f62bc 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -262,6 +262,8 @@ Transparency logs in order to obtain signed certificate timestamps (SCTs). These SCTs can then be embedded into the pre-certificate as an extension, before removing the poison and signing the certificate. +This implies the B<-new> flag. + =item B<-utf8> this option causes field values to be interpreted as UTF8 strings, by
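Review bot: In the third apps/req.c hunk, `case OPT_PRECERT:` now sets `newreq` as a side effect of `newreq = precert = 1;`, with no comment and no diagnostic for option combinations that conflict with new-request mode. req_main continues outside the hunk; if the later code skips loading the `-in` file whenever `newreq` is set, then `-in old.csr -precert` (constructed example) would silently produce a pre-certificate for a freshly generated request rather than the supplied one. Please confirm this and, if so, warn on or reject that combination. Independently, splitting the chained assignment makes the implication visible: `newreq = 1; /* a pre-certificate is always generated as a new request */` followed by `precert = 1;`.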