It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.
But previously a .rnd file was created on exit, and that does no longer
happen.
Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.
If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.
Remove RANDFILE from openssl.cnf
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)
Either files or directories of *.cnf or *.conf files
can be included.
Recursive inclusion of directories is not supported.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5351)
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
Add a bunch of functions to simplify the creation of X509_NAME structures.
Change the X509_NAME_entry_add stuff in req/ca so it no longer uses
X509_NAME_entry_count(): passing -1 has the same effect.
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this
technique currently unsupported extensions can be generated if you know their
DER encoding. Even if the extension is supported in future the raw extension
will still work: that is the raw version can always be used even if it is a
supported extension.
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.
Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.