### Changes between 3.5 and 3.6 [xx XXX xxxx]
+ * Changed openssl-pkey(1) to match the documentation when private keys
+ are output in DER format (`-outform DER`) by producing the `PKCS#8` form by
+ default. Previously this would output the *traditional* form for those
+ older key types (`DSA`, `RSA`, `ECDSA`) that had such a form. The
+ `-traditional` flag has been extended to support explicit requests to output
+ that format in DER format (it was previously PEM-only).
+
+ *Viktor Dukhovni*
+
* Support setting a free function thunk to OPENSSL_sk stack types. Using a thunk
allows the type specific free function to be called with the correct type
information from generic functions like OPENSSL_sk_pop_free().
if (text && text_pub)
BIO_printf(bio_err,
"Warning: The -text option is ignored with -text_pub\n");
- if (traditional && (noout || outformat != FORMAT_PEM))
+ if (traditional && (noout || pubout))
BIO_printf(bio_err,
- "Warning: The -traditional is ignored since there is no PEM output\n");
+ "Warning: -traditional is ignored with no private key output\n");
/* -pubout and -text is the same as -text_pub */
if (!text_pub && pubout && text) {
goto end;
} else {
assert(private);
- if (!i2d_PrivateKey_bio(out, pkey))
- goto end;
+ if (traditional) {
+ if (!i2d_PrivateKey_bio(out, pkey))
+ goto end;
+ } else {
+ if (!i2d_PKCS8PrivateKey_bio(out, pkey, NULL, NULL, 0,
+ NULL, NULL))
+ goto end;
+ }
}
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
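Review bot: The new default branch calls `i2d_PKCS8PrivateKey_bio(out, pkey, NULL, NULL, 0, NULL, NULL)`, and with a NULL cipher and no passphrase this writes an unencrypted PKCS#8 PrivateKeyInfo, so DER private-key output is always cleartext. If the command accepts a cipher or output-passphrase option (the option handling is outside this hunk), a user who combines one with `-outform DER` would presumably get an unprotected key file with no diagnostic. It is worth either passing those values through at this call or warning that they are ignored for DER output. At minimum I would add a comment above the call, `/* DER output is never encrypted: plain PKCS#8 PrivateKeyInfo */`. The enclosing if/else chain starts and ends outside the hunk.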
my $der_out = 'key.der';
my $pem_out = 'key.pem';
- ok(run(app([@app, '-in', $in_key, '-outform', 'DER',
- '-out', $der_out])),
+ ok(run(app([@app, '-in', $in_key, qw(-traditional -outform DER -out),
+ $der_out])),
"write DER-encoded pkey");
ok(run(app(['openssl', 'asn1parse', '-in', $der_out, '-inform', 'DER',