The openssl command does not recognize options after positional
arguments, so in "openssl genrsa $KEYSIZE -nodes", the "-nodes" was
ignored as a excess positional argument prior to OpenSSL 1.1.0h, and
now causes an error. "-nodes" is an option to the openssl req and
pkcs12 subcommands, but genrsa creates unencrypted keys by default.
[ghudson@mit.edu: edited commit message]
EOF
# Generate a private key.
-openssl genrsa $KEYSIZE -nodes > privkey.pem
+openssl genrsa $KEYSIZE > privkey.pem
openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted
# Generate a "CA" certificate.
EOF
# Generate a private key.
-openssl genrsa $KEYSIZE -nodes > privkey.pem
+openssl genrsa $KEYSIZE > privkey.pem
# Generate a "CA" certificate.
SUBJECT=signer openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
projects / thirdparty / krb5.git / commitdiff
