Make PKCS#8 the standard write format for private keys, replacing the

ancient SSLeay format.

diff --git a/CHANGES b/CHANGES
index 829a7da5b9e0c0218dff3eac16a60a79d2b9aee1..66e812c8091dff244c135fc2b8134b66440663be 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 

+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+

   *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
      committed to OpenSSL should pass this lot as a minimum.
      [Steve Henson]
   *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
      committed to OpenSSL should pass this lot as a minimum.
      [Steve Henson]

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index cb208a75185a95c017c51dabeee27e7fcd074190..8ecf24903bc2c0d598722b99dc3dbf9180477b4c 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -142,7 +142,7 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
                                                pem_password_cb *cb, void *u)
        {
        char pem_str[80];
                                                pem_password_cb *cb, void *u)
        {
        char pem_str[80];

-       if (!x->ameth || !x->ameth->old_priv_encode)
+       if (!x->ameth || x->ameth->priv_encode)

                return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
                                                        (char *)kstr, klen,
                                                        cb, u);
                return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
                                                        (char *)kstr, klen,
                                                        cb, u);