APPS req: Extend the -keyout option to be respected also with -key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
Dr. David von Oheimb 2021-05-26 09:22:48 +02:00 committed by Dr. David von Oheimb
parent 54e8f7259b
commit 8b893c35da
2 changed files with 21 additions and 16 deletions


@ -142,7 +142,7 @@ const OPTIONS req_options[] = {
{"key", OPT_KEY, 's', "Private key to use"}, {"key", OPT_KEY, 's', "Private key to use"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"keyout", OPT_KEYOUT, '>', "File to save newly created private key"}, {"keyout", OPT_KEYOUT, '>', "File to write private key to"},
{"passin", OPT_PASSIN, 's', "Private key and certificate password source"}, {"passin", OPT_PASSIN, 's', "Private key and certificate password source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"newkey", OPT_NEWKEY, 's', {"newkey", OPT_NEWKEY, 's',
@ -676,17 +676,21 @@ int req_main(int argc, char **argv)
EVP_PKEY_CTX_free(genctx); EVP_PKEY_CTX_free(genctx);
genctx = NULL; genctx = NULL;
}
if (keyout == NULL) { if (keyout == NULL) {
keyout = NCONF_get_string(req_conf, section, KEYFILE); keyout = NCONF_get_string(req_conf, section, KEYFILE);
if (keyout == NULL)
ERR_clear_error();
}
if (keyout == NULL) if (keyout == NULL)
BIO_printf(bio_err, "Writing new private key to stdout\n"); ERR_clear_error();
else }
BIO_printf(bio_err, "Writing new private key to '%s'\n", keyout);
if (pkey != NULL && (keyfile == NULL || keyout != NULL)) {
if (verbose) {
BIO_printf(bio_err, "Writing private key to ");
if (keyout == NULL)
BIO_printf(bio_err, "stdout\n");
else
BIO_printf(bio_err, "'%s'\n", keyout);
}
out = bio_open_owner(keyout, outformat, newreq); out = bio_open_owner(keyout, outformat, newreq);
if (out == NULL) if (out == NULL)
goto end; goto end;
@ -705,7 +709,6 @@ int req_main(int argc, char **argv)
i = 0; i = 0;
loop: loop:
assert(newreq);
if (!PEM_write_bio_PrivateKey(out, pkey, cipher, if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout)) { NULL, 0, NULL, passout)) {
if ((ERR_GET_REASON(ERR_peek_error()) == if ((ERR_GET_REASON(ERR_peek_error()) ==
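Review bot: The fallback to `default_keyfile` under `if (keyout == NULL) {` still runs when the key was loaded via `-key`, so the new condition `keyfile == NULL || keyout != NULL` becomes true and an existing private key is copied to whatever path the configuration names, even though the user never passed `-keyout`. Limiting the fallback to generated keys, `if (keyout == NULL && keyfile == NULL) {`, keeps `-keyout` effective together with `-key` while avoiding that implicit copy. Separately, `bio_open_owner(keyout, outformat, newreq)` passes `newreq` as what appears to be the owner-only ("private") flag, and with `assert(newreq)` removed this path can presumably be reached with `newreq == 0`, in which case the key file would be created with default rather than restricted permissions; passing `1` for a private-key output looks safer and deserves a short comment saying why. req_main starts and ends outside these hunks, so how `newreq` and `keyfile` are set should be confirmed against the full function.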


@ -204,10 +204,12 @@ See L<openssl-format-options(1)> for details.
=item B<-keyout> I<filename> =item B<-keyout> I<filename>
This gives the filename to write any newly created private key to. This gives the filename to write any private key to that has been newly created
If this option is not given then the filename specified in the configuration or read from B<-key>.
file with the B<default_keyfile> option is used if present, If the B<-keyout> option is not given the filename specified in the
else the key is written to standard output. configuration file with the B<default_keyfile> option is used, if present.
If a new key is generated and no filename is specified
the key is written to standard output.
=item B<-noenc> =item B<-noenc>