From d199858e89e75805d47bdc32ddcdf9df389757f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 11 Jan 2001 13:23:19 +0000 Subject: [PATCH] New -newreq-nodes option to CA.pl. Submitted by: Damien Miller --- CHANGES | 5 +++++ apps/CA.pl.in | 11 ++++++++--- doc/apps/CA.pl.pod | 5 +++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 0e115315a3..0213d865db 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) New '-newreq-nodes' command option to CA.pl. This is like + '-newreq', but calls 'openssl req' with the '-nodes' option + so that the resulting key is not encrypted. + [Damien Miller ] + *) New configuration for the GNU Hurd. [Jonathan Bartlett via Richard Levitte] diff --git a/apps/CA.pl.in b/apps/CA.pl.in index f1ac7e7726..8b2ce7ea42 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -5,7 +5,7 @@ # things easier between now and when Eric is convinced to fix it :-) # # CA -newca ... will setup the right stuff -# CA -newreq ... will generate a certificate request +# CA -newreq[-nodes] ... will generate a certificate request # CA -sign ... will sign the generated request and output # # At the end of that grab newreq.pem and newcert.pem (one has the key @@ -54,7 +54,7 @@ $RET = 0; foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate @@ -66,6 +66,11 @@ foreach (@ARGV) { system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Request (and private key) is in newreq.pem\n"; + } elsif (/^-newreq-nodes$/) { + # create a certificate request + system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + $RET=$?; + print "Request (and private key) is in newreq.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -143,7 +148,7 @@ foreach (@ARGV) { } } else { print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; exit 1; } } diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod index 63cd1320cc..58e0f52001 100644 --- a/doc/apps/CA.pl.pod +++ b/doc/apps/CA.pl.pod @@ -13,6 +13,7 @@ B [B<-help>] [B<-newcert>] [B<-newreq>] +[B<-newreq-nodes>] [B<-newca>] [B<-xsign>] [B<-sign>] @@ -46,6 +47,10 @@ written to the file "newreq.pem". creates a new certificate request. The private key and request are written to the file "newreq.pem". +=item B<-newreq-nowdes> + +is like B<-newreq> except that the private key will not be encrypted. + =item B<-newca> creates a new CA hierarchy for use with the B program (or the B<-signcert>