git.ipfire.org Git - thirdparty/openssl.git/commit
Avoid shell commandline processing in CA.pl
author Viktor Dukhovni <openssl-users@dukhovni.org>
Fri, 18 Apr 2025 04:18:09 +0000 (14:18 +1000)
committer Tomas Mraz <tomas@openssl.org>
Wed, 4 Jun 2025 15:34:45 +0000 (17:34 +0200)
commit bdb9184aa6b7401cbf470cf9bc51acaceb3bae95
tree 3fc5bebcf282ea026826432a68bb50121c00fb80
parent 7b001e5a100d964806616540978d3c0dec1938cf
Avoid shell commandline processing in CA.pl

The CA.pl script used to build single-string string commandlines to pass
to a shell via `system(command_string)`.  That was fragile and not a best
practice.

This PR replaces `system(command_string)` with `system { executable } @argv`,
which avoids the shell whenever possible (at least Unix-like systems and
Windows).  The only question mark is whether some sort of quoting is
needed for VMS to preserve the case of commandline arguments even when
processes are spawned directly, rather than via the shell.

Unfortunately, given the way that some environment variables and
command-line options are used to construct the commands to run,
the result is still brittle.  The CA.pl utility really should
be replaced with something better.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)

(cherry picked from commit 0b1bdef38ef1e3369a7bcde1b9a6eabe44b10e54)
apps/CA.pl.in
test/recipes/80-test_ca.t
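
The difference the commit message describes, as an added Perl example that is not taken from apps/CA.pl.in or from the OpenSSL project: one constructed file name is passed first through a single shell-parsed string and then through `system { executable } @argv`. The helper name `run_direct`, the sample file name and the use of the running perl as the child program are assumptions, and the first call expects a Unix-like `/bin/sh`.

```perl
#!/usr/bin/env perl
# Added illustration; not code from apps/CA.pl.in.
use strict;
use warnings;

$| = 1;    # flush our output before each child writes its own

# Child program for the demonstration: the running perl, printing each
# argument it receives in brackets.
my $perl   = $^X;
my $script = 'print "[$_]" for @ARGV';

# Constructed sample input: a file name containing a space and a shell
# metacharacter, as could arrive via an option or environment variable.
my $file = 'new req.pem; echo run-by-shell';

# Hypothetical helper: run @argv with no shell and return the exit code.
sub run_direct {
    my @argv = @_;
    # Indirect-object form: the block names the executable and @argv is
    # handed to it verbatim, even when the list has only one element.
    my $status = system { $argv[0] } @argv;
    die "cannot execute $argv[0]: $!\n" if $status == -1;
    die "$argv[0] killed by signal " . ($status & 127) . "\n" if $status & 127;
    return $status >> 8;
}

# Fragile form: the whole string is handed to the shell for parsing.
print "system(command_string):\n";
system("$perl -le '$script' $file");

# Hardened form: no shell, so the file name stays one argument.
print "system { executable } \@argv:\n";
my $rc = run_direct($perl, '-le', $script, $file);
print "exit code: $rc\n";
```

In the first call the shell splits the name at the space and treats the text after `;` as a second command; in the second call the child receives the whole name as a single argument.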