Fix typo in CONTRIBUTING.md

[openssl.git] / apps / CA.pl.in

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 6d1de16516991f257fccc9f894621324aa5436a8..2c31ee6c8de13afb838b33dab6e8f8e6244bd231 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,5 +1,5 @@
 #!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -36,6 +36,8 @@ my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
 my $DAYS = "-days 365";
 my $CADAYS = "-days 1095";     # 3 years
+my $EXTENSIONS = "-extensions v3_ca";
+my $POLICY = "-policy policy_anything";
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
@@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) {
         $RET = run("$CA -create_serial"
                 . " -out ${CATOP}/$CACERT $CADAYS -batch"
                 . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-                . " -extensions v3_ca"
+                . " $EXTENSIONS"
                 . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
         print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
     }
@@ -191,25 +193,27 @@ if ($WHAT eq '-newcert' ) {
             . " -export -name \"$cname\" $EXTRA{pkcs12}");
     print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-    $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
 } elsif ($WHAT eq '-sign' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+    $RET = run("$CA $POLICY -out $NEWCERT"
             . " -infiles $NEWREQ $EXTRA{ca}");
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
-            . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run("$CA $POLICY -out $NEWCERT"
+            . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
     print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
     $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
             . " -out tmp.pem $EXTRA{x509}");
-    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+    $RET = run("$CA $POLICY -out $NEWCERT"
             .  "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {
     my @files = @ARGV ? @ARGV : ( $NEWCERT );
     foreach my $file (@files) {
-        my $status = run("$VERIFY -CAfile ${CATOP}/$CACERT $file $EXTRA{verify}");
+        # -CAfile quoted for VMS, since the C RTL downcases all unquoted
+        # arguments to C programs
+        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
         $RET = $status if $status != 0;
     }
 } elsif ($WHAT eq '-crl' ) {