Remove asn1-kludge option.

[openssl.git] / apps / req.c

diff --git a/apps/req.c b/apps/req.c
index 712037dc173807ceb72fad0cced533cc1ffc5c6a..9b017aa7bb0088146cab3d6a48f3be260cf3d7ac 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -126,8 +126,8 @@ typedef enum OPTION_choice {
     OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
     OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
     OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
-    OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN,
-    OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD
+    OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS,
+    OPT_REQEXTS, OPT_MD
 } OPTION_CHOICE;
 
 OPTIONS req_options[] = {
@@ -163,10 +163,7 @@ OPTIONS req_options[] = {
     {"text", OPT_TEXT, '-', "Text form of request"},
     {"x509", OPT_X509, '-',
      "Output a x509 structure instead of a cert request"},
-    {"asn1-kludge", OPT_ASN1_KLUDGE, '-',
-     "Output the request in a format that is wrong"},
     {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
-    {"no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-'},
     {"subj", OPT_SUBJ, 's', "Set or modify request subject"},
     {"subject", OPT_SUBJECT, '-', "Output the request's subject"},
     {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
@@ -204,13 +201,14 @@ int req_main(int argc, char **argv)
     char *template = default_config_file, *keyout = NULL;
     const char *keyalg = NULL;
     OPTION_CHOICE o;
-    int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose =
-        0, pkey_type = -1;
+    int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0;
+    int pkey_type = -1, private = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
     int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
-    int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
+    int nodes = 0, newhdr = 0, subject = 0, pubkey = 0;
     long newkey = -1;
     unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
+    char nmflag_set = 0;
 
 #ifndef OPENSSL_NO_DES
     cipher = EVP_des_ede3_cbc();
@@ -323,6 +321,7 @@ int req_main(int argc, char **argv)
             chtype = MBSTRING_UTF8;
             break;
         case OPT_NAMEOPT:
+            nmflag_set = 1;
             if (!set_name_ex(&nmflag, opt_arg()))
                 goto opthelp;
             break;
@@ -336,13 +335,6 @@ int req_main(int argc, char **argv)
         case OPT_X509:
             x509 = 1;
             break;
-        case OPT_ASN1_KLUDGE:
-            kludge = 1;
-            break;
-        case OPT_NO_ASN1_KLUDGE:
-            kludge = 0;
-            break;
-            multirdn = 1;
         case OPT_DAYS:
             days = atoi(opt_arg());
             break;
@@ -352,7 +344,7 @@ int req_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_SUBJECT:
-           subject = 1;
+            subject = 1;
             break;
         case OPT_SUBJ:
             subj = opt_arg();
@@ -376,6 +368,11 @@ int req_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
+
+    private = newreq && (pkey == NULL) ? 1 : 0;
+
     if (!app_passwd(passargin, passargout, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");
         goto end;
@@ -569,7 +566,7 @@ int req_main(int argc, char **argv)
             BIO_printf(bio_err, "writing new private key to stdout\n");
         else
             BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
-        out = bio_open_default(keyout, "w");
+        out = bio_open_owner(keyout, "w", private);
         if (out == NULL)
             goto end;
 
@@ -587,6 +584,7 @@ int req_main(int argc, char **argv)
 
         i = 0;
  loop:
+        assert(private);
         if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
                                       NULL, 0, NULL, passout)) {
             if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -603,11 +601,6 @@ int req_main(int argc, char **argv)
     }
 
     if (!newreq) {
-        /*
-         * Since we are using a pre-existing certificate request, the kludge
-         * 'format' info should not be changed.
-         */
-        kludge = -1;
         in = bio_open_default(infile, RB(informat));
         if (in == NULL)
             goto end;
@@ -636,11 +629,6 @@ int req_main(int argc, char **argv)
 
             i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
             subj = NULL;        /* done processing '-subj' option */
-            if ((kludge > 0)
-                && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
-                sk_X509_ATTRIBUTE_free(req->req_info->attributes);
-                req->req_info->attributes = NULL;
-            }
             if (!i) {
                 BIO_printf(bio_err, "problems making Certificate Request\n");
                 goto end;