Commit d130456f authored by Tomas Mraz's avatar Tomas Mraz
Browse files

Fix regression in openssl req -x509 behaviour. 



Allow conversion of existing requests to certificates again.
Fixes the issue #3396

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3485)
parent 7c300b9d

apps/req.c

+4 −2
Original line number Diff line number Diff line
@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) 
        else if (strcmp(*argv, "-text") == 0)

            text = 1;

        else if (strcmp(*argv, "-x509") == 0) {

            newreq = 1;

            x509 = 1;

        } else if (strcmp(*argv, "-asn1-kludge") == 0)

            kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) 
        goto end;

    }



    if (x509 && infile == NULL)

        newreq = 1;



    ERR_load_crypto_strings();

    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {

        BIO_printf(bio_err, "Error getting passwords\n");
@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) 
        }

    }



    if (newreq) {

    if (newreq || x509) {

        if (pkey == NULL) {

            BIO_printf(bio_err, "you need to specify a private key\n");

            goto end;

doc/apps/req.pod

+3 −0
Original line number Diff line number Diff line
@@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate 
using the B<set_serial> option, a large random number will be used for

the serial number.



If existing request is specified with the B<-in> option, it is converted

to the self signed certificate otherwise new request is created.



=item B<-days n>



when the B<-x509> option is being used this specifies the number of