From 0ae8d4ca9e2db5fd93683dbc42d28c2eba18045d Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Wed, 6 Jan 2021 12:12:25 +0100 Subject: [PATCH] apps/req.c: Cosmetic improvements of code and documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13658) --- apps/req.c | 11 +++++------ doc/man1/openssl-req.pod.in | 14 ++++++++------ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/apps/req.c b/apps/req.c index 5663eebc45e..3aef8882a83 100644 --- a/apps/req.c +++ b/apps/req.c @@ -437,7 +437,8 @@ int req_main(int argc, char **argv) break; case OPT_COPY_EXTENSIONS: if (!set_ext_copy(&ext_copy, opt_arg())) { - BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", opt_arg()); + BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", + opt_arg()); goto end; } break; @@ -837,13 +838,12 @@ int req_main(int argc, char **argv) goto end; if (!pub_key || !X509_set_pubkey(new_x509, pub_key)) goto end; - if (ext_copy == EXT_COPY_UNSET) + if (ext_copy == EXT_COPY_UNSET) { BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); - else if (!copy_extensions(new_x509, req, ext_copy)) { + } else if (!copy_extensions(new_x509, req, ext_copy)) { BIO_printf(bio_err, "Error copying extensions from request\n"); goto end; } - /* TODO: (optionally) copy X.509 extensions from req */ /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509, @@ -1116,8 +1116,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, } } - /* tentatively set X.509 version 1 */ - if (!X509_REQ_set_version(req, 0L)) + if (!X509_REQ_set_version(req, 0L)) /* so far there is only version 1 */ goto err; if (fsubj != NULL) diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 141774b7db2..ac83f356922 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in 
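Review bot: In the second apps/req.c hunk (`@@ -837,13 +838,12 @@`), the `copy_extensions(new_x509, req, ext_copy)` call has no comment saying that the extensions come from the request as supplied, and this commit removes the only nearby comment (the TODO). The following `X509V3_set_ctx` line shows that `CAcert` may be non-NULL, so the request is presumably not always the signer's own. In that case requester-chosen extensions (basicConstraints or keyUsage, for example) would reach the issued certificate unless `copy_extensions` filters them, which is not visible here. I would add above the call something like `/* extensions are taken from the request as given; when signing with a CA cert, review them before issuing */`. `req_main` starts and ends outside the hunk.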
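Review bot: In the make_REQ hunk (`@@ -1116,8 +1116,7 @@`), the new trailing comment `/* so far there is only version 1 */` sits next to the literal `0L` without saying that 0 is the encoded value for version 1, so the line reads as a mismatch between code and comment. I would word it `/* version value 0 denotes v1, the only version defined so far */`. `make_REQ`'s body starts and ends outside the hunk.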
@@ -270,6 +270,7 @@ a large random number will be used for the serial number. Unless the B<-copy_extensions> option is used, X.509 extensions are not copied from any provided request input file. + X.509 extensions to be added can be specified in the configuration file or using the B<-addext> option. @@ -294,16 +295,17 @@ be a positive integer. The default is 30 days. =item B<-set_serial> I -Serial number to use when outputting a self-signed certificate. This -may be specified as a decimal value or a hex value if preceded by C<0x>. +Serial number to use when outputting a self-signed certificate. +This may be specified as a decimal value or a hex value if preceded by C<0x>. +If not given, a large random number will be used. =item B<-copy_extensions> I -Determines how extensions in certificate requests should be handled when B<-x509> is given. -If I is B or this option is not present -then extensions present in the request are ignored. +Determines how X.509 extensions in certificate requests should be handled +when B<-x509> is given. +If I is B or this option is not present then extensions are ignored. If I is B or B then -any extensions present in the request are copied to the certificate. +all extensions in the request are copied to the certificate. The main use of this option is to allow a certificate request to supply values for certain extensions such as subjectAltName. -- 2.47.2