git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Fri, 18 Apr 2025 04:18:09 +0000 (14:18 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 4 Jun 2025 15:34:29 +0000 (17:34 +0200)
commit	b25f51a5dc3831f9358637e4372bf76b76d4f864
tree	207855fcd42f0bebcf13cfac1f608230cc3273ab	tree
parent	c638e92838b2acfaacd67d88d789ca4a46a584ab	commit \| diff

Avoid shell commandline processing in CA.pl

The CA.pl script used to build single-string string commandlines to pass
to a shell via `system(command_string)`.  That was fragile and not a best
practice.

This PR replaces `system(command_string)` with `system { executable } @argv`,
which avoids the shell whenever possible (at least Unix-like systems and
Windows).  The only question mark is whether some sort of quoting is
needed for VMS to preserve the case of commandline arguments even when
processes are spawned directly, rather than via the shell.

Unfortunately, given the way that some environment variables and
command-line options are used to construct the commands to run,
the result is still brittle.  The CA.pl utility really should
be replaced with something better.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27432)

(cherry picked from commit 0b1bdef38ef1e3369a7bcde1b9a6eabe44b10e54)

apps/CA.pl.in		diff \| blob \| blame \| history
test/recipes/80-test_ca.t		diff \| blob \| blame \| history