-.\" $OpenBSD: openssl.1,v 1.132 2021/09/05 06:16:30 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.133 2021/10/23 11:36:44 tb Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
-.Dd $Mdocdate: September 5 2021 $
+.Dd $Mdocdate: October 23 2021 $
.Dt OPENSSL 1
.Os
.Sh NAME
.It Nm openssl req
.Bk -words
.Op Fl addext Ar ext
-.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
.Op Fl days Ar n
.Op Fl new
.Op Fl newhdr
.Op Fl newkey Ar arg
-.Op Fl no-asn1-kludge
.Op Fl nodes
.Op Fl noout
.Op Fl out Ar file
The argument must have the form of a key=value pair as it would appear in a
config file.
This option can be given multiple times.
-.It Fl asn1-kludge
-Produce requests in an invalid format for certain picky CAs.
-Very few CAs still require the use of this option.
.It Fl batch
Non-interactive mode.
.It Fl config Ar file
in which case any parameters can be specified via the
.Fl pkeyopt
option.
-.It Fl no-asn1-kludge
-Reverse the effect of
-.Fl asn1-kludge .
.It Fl nodes
Do not encrypt the private key.
.It Fl noout
-/* $OpenBSD: req.c,v 1.20 2021/10/22 09:44:30 tb Exp $ */
+/* $OpenBSD: req.c,v 1.21 2021/10/23 11:36:44 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
char *keyfile;
int keyform;
char *keyout;
- int kludge;
int modulus;
int multirdn;
int newhdr;
.type = OPTION_ARG_FUNC,
.opt.argfunc = req_opt_addext,
},
- {
- .name = "asn1-kludge",
- .type = OPTION_VALUE,
- .opt.value = &req_config.kludge,
- .value = 1,
- },
{
.name = "batch",
.desc = "Operate in batch mode",
.type = OPTION_ARG_FUNC,
.opt.argfunc = req_opt_newkey,
},
- {
- .name = "no-asn1-kludge",
- .type = OPTION_VALUE,
- .opt.value = &req_config.kludge,
- .value = 0,
- },
{
.name = "nodes",
.desc = "Do not encrypt output private key",
req_usage(void)
{
fprintf(stderr,
- "usage: req [-addext ext] [-asn1-kludge] [-batch] [-config file]\n"
+ "usage: req [-addext ext] [-batch] [-config file]\n"
" [-days n] [-extensions section] [-in file]\n"
" [-inform der | pem] [-key keyfile] [-keyform der | pem]\n"
" [-keyout file] [-md4 | -md5 | -sha1] [-modulus]\n"
" [-multivalue-rdn] [-nameopt option] [-new] [-newhdr]\n"
- " [-newkey arg] [-no-asn1-kludge] [-nodes] [-noout]\n"
+ " [-newkey arg] [-nodes] [-noout]\n"
" [-out file] [-outform der | pem] [-passin arg]\n"
" [-passout arg] [-pkeyopt opt:value] [-pubkey]\n"
" [-reqexts section] [-reqopt option] [-set_serial n]\n"
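Review bot: The synopsis kept in req_usage() still advertises `[-md4 | -md5 | -sha1]` as the digest choices, on the unchanged line that follows `-keyform der | pem`. All three are collision-weak and a poor default suggestion for signing a new certificate request. Since this commit already rewrites the usage string, that entry could become a generic placeholder such as `[-digest]`, with the man page synopsis updated to match. Which digests the option table actually accepts is not visible in this hunk, so check it before rewording. The fprintf call in req_usage() continues past the end of the hunk.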
BIO_printf(bio_err, "-----\n");
}
if (!req_config.newreq) {
- /*
- * Since we are using a pre-existing certificate request, the
- * kludge 'format' info should not be changed.
- */
- req_config.kludge = -1;
if (req_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
}
i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype);
req_config.subj = NULL; /* done processing '-subj' option */
- if ((req_config.kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
- sk_X509_ATTRIBUTE_free(req->req_info->attributes);
- req->req_info->attributes = NULL;
- }
if (!i) {
BIO_printf(bio_err, "problems making Certificate Request\n");
goto end;