New -newreq-nodes option to CA.pl.

Submitted by: Damien Miller <djm@mindrot.org>

diff --git a/CHANGES b/CHANGES
index 0e115315a3e1ece176bb86927c2c88dd1fc8fd76..0213d865db4a5e7850578488907350b028c2b8dd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
   *) New configuration for the GNU Hurd.
      [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
 

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index f1ac7e772690c1b61509cc58732f6fba71e7a5a7..8b2ce7ea4248250f8109c75c0212e8352f0d2c06 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -5,7 +5,7 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request 
+# CA -newreq[-nodes] ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
@@ -54,7 +54,7 @@ $RET = 0;
 
 foreach (@ARGV) {
        if ( /^(-\?|-h|-help)$/ ) {
-           print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+           print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
            exit 0;
        } elsif (/^-newcert$/) {
            # create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
            system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
            $RET=$?;
            print "Request (and private key) is in newreq.pem\n";
+       } elsif (/^-newreq-nodes$/) {
+           # create a certificate request
+           system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+           $RET=$?;
+           print "Request (and private key) is in newreq.pem\n";
        } elsif (/^-newca$/) {
                # if explicitly asked for or it doesn't exist then setup the
                # directory structure that Eric likes to manage things 
@@ -143,7 +148,7 @@ foreach (@ARGV) {
            }
        } else {
            print STDERR "Unknown arg $_\n";
-           print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+           print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
            exit 1;
        }
 }

diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
index 63cd1320cc764265b0846770f6572ae460533d7d..58e0f5200100c248d271a7ffefe523ed4a5aa65e 100644 (file)
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -13,6 +13,7 @@ B<CA.pl>
 [B<-help>]
 [B<-newcert>]
 [B<-newreq>]
+[B<-newreq-nodes>]
 [B<-newca>]
 [B<-xsign>]
 [B<-sign>]
@@ -46,6 +47,10 @@ written to the file "newreq.pem".
 creates a new certificate request. The private key and request are
 written to the file "newreq.pem".
 
+=item B<-newreq-nowdes>
+
+is like B<-newreq> except that the private key will not be encrypted.
+
 =item B<-newca>
 
 creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>