Fix regression in openssl req -x509 behaviour.

Allow conversion of existing requests to certificates again.
Fixes the issue #3396

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3485)

diff --git a/apps/req.c b/apps/req.c
index cdea1f61119472d42540fac41e6cc67d1b390453..ede1d32cae62cc165bd2a1ca8429650bf5aaf7a7 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
         else if (strcmp(*argv, "-text") == 0)
             text = 1;
         else if (strcmp(*argv, "-x509") == 0) {
-            newreq = 1;
             x509 = 1;
         } else if (strcmp(*argv, "-asn1-kludge") == 0)
             kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
         goto end;
     }
 
+    if (x509 && infile == NULL)
+        newreq = 1;
+
     ERR_load_crypto_strings();
     if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");
@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv)
         }
     }
 
-    if (newreq) {
+    if (newreq || x509) {
         if (pkey == NULL) {
             BIO_printf(bio_err, "you need to specify a private key\n");
             goto end;

diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 30653e509357778f9b3a3f91c077036bf735e08e..1682ba5143dd02ffee6c81de107fc078375b7938 100644 (file)
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate
 using the B<set_serial> option, a large random number will be used for
 the serial number.
 
+If existing request is specified with the B<-in> option, it is converted
+to the self signed certificate otherwise new request is created.
+
 =item B<-days n>
 
 when the B<-x509> option is being used this specifies the number of