From 888adbe064556ff5ab2f1d16a223b0548696614c Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 11 May 2017 14:25:17 +0200 Subject: [PATCH] Fix regression in openssl req -x509 behaviour. Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3437) --- apps/req.c | 6 ++++-- doc/man1/req.pod | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index f1dba66041..a47dfcffaf 100644 --- a/apps/req.c +++ b/apps/req.c @@ -288,7 +288,6 @@ int req_main(int argc, char **argv) break; case OPT_X509: x509 = 1; - newreq = 1; break; case OPT_DAYS: days = atoi(opt_arg()); @@ -331,6 +330,9 @@ int req_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (x509 && infile == NULL) + newreq = 1; + /* TODO: simplify this as pkey is still always NULL here */ private = newreq && (pkey == NULL) ? 1 : 0; @@ -582,7 +584,7 @@ int req_main(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; diff --git a/doc/man1/req.pod b/doc/man1/req.pod index f9e424b2b4..4dbd489ffe 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -234,6 +234,9 @@ a self signed root CA. The extensions added to the certificate using the B option, a large random number will be used for the serial number. +If existing request is specified with the B<-in> option, it is converted +to the self signed certificate otherwise new request is created. + =item B<-days n> When the B<-x509> option is being used this specifies the number of