diff options
| author | Hugo Landau <hlandau@openssl.org> | 2022-03-01 13:55:03 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-03-03 10:21:51 +0100 |
| commit | df5c86e9f80d14d699bad4c8889292fd9b4bd7ba (patch) | |
| tree | 42b0f5817207365a6bb2db8a68da4b6c6b2e7dd6 /apps/req.c | |
| parent | Improve documentation of BIO_FLAGS_BASE64_NO_NL flag. (diff) | |
| download | openssl-df5c86e9f80d14d699bad4c8889292fd9b4bd7ba.tar.xz openssl-df5c86e9f80d14d699bad4c8889292fd9b4bd7ba.zip | |
Enable openssl req -x509 to create certificates from CSRs
`openssl req -x509` has code allowing it to generate certificates from CSRs
as a replacement for `openssl x509`, but a bug prevents it from working
properly. -CA and -CAkey can now be passed to generate a CA-signed
certificate as documented in openssl-req(1).
Regression testing has been added to `openssl req`.
Fixes #17736.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17782)
Diffstat (limited to 'apps/req.c')
| -rw-r--r-- | apps/req.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/req.c b/apps/req.c index 76b337f6bc..7e59e673e0 100644 --- a/apps/req.c +++ b/apps/req.c @@ -765,8 +765,9 @@ int req_main(int argc, char **argv) } } if (newreq || gen_x509) { - if (pkey == NULL /* can happen only if !newreq */) { - BIO_printf(bio_err, "Must provide a signature key using -key\n"); + if (CAcert == NULL && pkey == NULL) { + BIO_printf(bio_err, "Must provide a signature key using -key or" + " provide -CA / -CAkey\n"); goto end; } |