Make 'openssl req -x509' more equivalent to 'openssl req -new'
authorRichard Levitte <levitte@openssl.org>
Mon, 22 Aug 2016 12:53:53 +0000 (14:53 +0200)
committerRichard Levitte <levitte@openssl.org>
Mon, 22 Aug 2016 13:28:00 +0000 (15:28 +0200)
The following would fail, or rather, freeze:

    openssl genrsa -out rsa2048.pem 2048
    openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem

In that case, the second command wants to read a certificate request
from stdin, because -x509 wasn't fully flagged as being for creating
something new.  This changes makes it fully flagged.

RT#4655

Reviewed-by: Andy Polyakov <appro@openssl.org>
apps/req.c

index bd18708..2666124 100644 (file)
@@ -289,6 +289,7 @@ int req_main(int argc, char **argv)
             break;
         case OPT_X509:
             x509 = 1;
+            newreq = 1;
             break;
         case OPT_DAYS:
             days = atoi(opt_arg());
@@ -578,7 +579,7 @@ int req_main(int argc, char **argv)
         }
     }
 
-    if (newreq || x509) {
+    if (newreq) {
         if (pkey == NULL) {
             BIO_printf(bio_err, "you need to specify a private key\n");
             goto end;