Remove -C option from x509 command

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)

diff --git a/CHANGES.md b/CHANGES.md
index e5d7846cc8824d7ee1dc5eec16f9be1ca03d6de7..6e275f1d73d5bde6d6c88c368ea8aa25db4961c4 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -27,7 +27,8 @@ OpenSSL 3.0
 
    *Paul Dale*
 
- * The -C option to the dhparam, dsaparam, and ecparam commands were removed.
+ * The -C option to the x509, dhparam, dsaparam, and ecparam commands
+   were removed.
 
    *Rich Salz*
 

diff --git a/apps/x509.c b/apps/x509.c
index 8f9b7c8e40ce120aa322dc6ac01a4cdc30981f8f..0d0d93edc0a61798e76f31c536aec50690b18f82 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -54,7 +54,7 @@ typedef enum OPTION_choice {
     OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, OPT_CAKEY,
     OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ,
     OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT,
-    OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
+    OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
     OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
     OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
     OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
@@ -110,7 +110,6 @@ const OPTIONS x509_options[] = {
     {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
     {"text", OPT_TEXT, '-', "Print the certificate in text form"},
     {"ext", OPT_EXT, 's', "Print various X509V3 extensions"},
-    {"C", OPT_C, '-', "Print out C code forms"},
 #ifndef OPENSSL_NO_MD5
     {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
      "Print old-style (MD5) subject hash value"},
@@ -188,7 +187,7 @@ int x509_main(int argc, char **argv)
     char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
     char *prog;
     int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
-    int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+    int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
     int fingerprint = 0, reqfile = 0, checkend = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
     int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
@@ -360,9 +359,6 @@ int x509_main(int argc, char **argv)
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
-        case OPT_C:
-            C = ++num;
-            break;
         case OPT_EMAIL:
             email = ++num;
             break;
@@ -788,28 +784,6 @@ int x509_main(int argc, char **argv)
                     goto end;
                 }
                 PEM_write_bio_PUBKEY(out, pkey);
-            } else if (C == i) {
-                unsigned char *d;
-                char *m;
-                int len;
-
-                print_name(out, "/*\n"
-                                " * Subject: ", X509_get_subject_name(x), get_nameopt());
-                print_name(out, " * Issuer:  ", X509_get_issuer_name(x), get_nameopt());
-                BIO_puts(out, " */\n");
-
-                len = i2d_X509(x, NULL);
-                m = app_malloc(len, "x509 name buffer");
-                d = (unsigned char *)m;
-                len = i2d_X509_NAME(X509_get_subject_name(x), &d);
-                print_array(out, "the_subject_name", len, (unsigned char *)m);
-                d = (unsigned char *)m;
-                len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
-                print_array(out, "the_public_key", len, (unsigned char *)m);
-                d = (unsigned char *)m;
-                len = i2d_X509(x, &d);
-                print_array(out, "the_certificate", len, (unsigned char *)m);
-                OPENSSL_free(m);
             } else if (text == i) {
                 X509_print_ex(out, x, get_nameopt(), certflag);
             } else if (startdate == i) {

diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index c6b27a504c615d0ef2b94b22d4df5adc2d4f5014..e3e1fd2004d442d0ad0a2a998649bc31e6c747e7 100644 (file)
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -65,7 +65,6 @@ B<openssl> B<x509>
 [B<-checkhost> I<host>]
 [B<-checkemail> I<host>]
 [B<-checkip> I<ipaddr>]
-[B<-C>]
 [B<-I<digest>>]
 [B<-clrext>]
 [B<-extfile> I<filename>]
@@ -271,10 +270,6 @@ This is commonly called a "fingerprint". Because of the nature of message
 digests, the fingerprint of a certificate is unique to that certificate and
 two certificates with the same fingerprint can be considered to be the same.
 
-=item B<-C>
-
-This outputs the certificate in the form of a C source file.
-
 =back
 
 =head2 Trust Settings
@@ -843,6 +838,8 @@ The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
 
 The B<-engine> option was deprecated in OpenSSL 3.0.
 
+The B<-C> option was removed in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.