git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Fri, 18 Apr 2025 04:18:09 +0000 (14:18 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 4 Jun 2025 15:34:37 +0000 (17:34 +0200)
commit	6abade158b4d279d26e66fb4a24d797ba0cd0716
tree	c4afc33555053a8d88537b2f017df79f56e7c837	tree
parent	649a9c7fe5329586f585887501624a7529a35f7c	commit \| diff

Avoid shell commandline processing in CA.pl

The CA.pl script used to build single-string string commandlines to pass
to a shell via `system(command_string)`.  That was fragile and not a best
practice.

This PR replaces `system(command_string)` with `system { executable } @argv`,
which avoids the shell whenever possible (at least Unix-like systems and
Windows).  The only question mark is whether some sort of quoting is
needed for VMS to preserve the case of commandline arguments even when
processes are spawned directly, rather than via the shell.

Unfortunately, given the way that some environment variables and
command-line options are used to construct the commands to run,
the result is still brittle.  The CA.pl utility really should
be replaced with something better.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)

(cherry picked from commit 0b1bdef38ef1e3369a7bcde1b9a6eabe44b10e54)

apps/CA.pl.in		diff \| blob \| blame \| history
test/recipes/80-test_ca.t		diff \| blob \| blame \| history