apps/req.c: flag "-new" is implied by "-precert"

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
This commit is contained in:
Rob Percival 2017-01-13 19:10:26 +00:00 committed by Rich Salz
parent 505fb99964
commit 65b3dff76b
3 changed files with 6 additions and 5 deletions

View File

@ -125,7 +125,7 @@ if ($WHAT eq '-newcert' ) {
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -new -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newreq' ) {
# create a certificate request

View File

@ -126,7 +126,7 @@ const OPTIONS req_options[] = {
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
{"precert", OPT_PRECERT, '-', "Add a poison extension"},
{"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@ -161,8 +161,7 @@ int req_main(int argc, char **argv)
int pkey_type = -1, private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
int nodes = 0, newhdr = 0, subject = 0, pubkey = 0;
int precert = 0;
int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
long newkey = -1;
unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
char nmflag_set = 0;
@ -321,7 +320,7 @@ int req_main(int argc, char **argv)
req_exts = opt_arg();
break;
case OPT_PRECERT:
precert = 1;
newreq = precert = 1;
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &md_alg))

View File

@ -262,6 +262,8 @@ Transparency logs in order to obtain signed certificate timestamps (SCTs).
These SCTs can then be embedded into the pre-certificate as an extension, before
removing the poison and signing the certificate.
This implies the B<-new> flag.
=item B<-utf8>
this option causes field values to be interpreted as UTF8 strings, by