diff options
| author | tb <> | 2021-10-23 11:36:44 +0000 |
|---|---|---|
| committer | tb <> | 2021-10-23 11:36:44 +0000 |
| commit | e108c02d6e802696686703a2cee67d276079832b (patch) | |
| tree | b89a0fcdc6948811ccee0dc527504906ebdbee18 /src/usr.bin/openssl/req.c | |
| parent | 64138904c3f088bafa171c1f6375dba75080079e (diff) | |
| download | openbsd-e108c02d6e802696686703a2cee67d276079832b.tar.gz openbsd-e108c02d6e802696686703a2cee67d276079832b.tar.bz2 openbsd-e108c02d6e802696686703a2cee67d276079832b.zip | |
Nuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10
encoders many moons ago. OpenSSL removed it in 2015.
ok beck jsing
Diffstat (limited to 'src/usr.bin/openssl/req.c')
| -rw-r--r-- | src/usr.bin/openssl/req.c | 28 |
1 files changed, 3 insertions, 25 deletions
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c index aaf3dceb30..4ab091a097 100644 --- a/src/usr.bin/openssl/req.c +++ b/src/usr.bin/openssl/req.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: req.c,v 1.20 2021/10/22 09:44:30 tb Exp $ */ | 1 | /* $OpenBSD: req.c,v 1.21 2021/10/23 11:36:44 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -143,7 +143,6 @@ struct { | |||
| 143 | char *keyfile; | 143 | char *keyfile; |
| 144 | int keyform; | 144 | int keyform; |
| 145 | char *keyout; | 145 | char *keyout; |
| 146 | int kludge; | ||
| 147 | int modulus; | 146 | int modulus; |
| 148 | int multirdn; | 147 | int multirdn; |
| 149 | int newhdr; | 148 | int newhdr; |
| @@ -296,12 +295,6 @@ static const struct option req_options[] = { | |||
| 296 | .opt.argfunc = req_opt_addext, | 295 | .opt.argfunc = req_opt_addext, |
| 297 | }, | 296 | }, |
| 298 | { | 297 | { |
| 299 | .name = "asn1-kludge", | ||
| 300 | .type = OPTION_VALUE, | ||
| 301 | .opt.value = &req_config.kludge, | ||
| 302 | .value = 1, | ||
| 303 | }, | ||
| 304 | { | ||
| 305 | .name = "batch", | 298 | .name = "batch", |
| 306 | .desc = "Operate in batch mode", | 299 | .desc = "Operate in batch mode", |
| 307 | .type = OPTION_FLAG, | 300 | .type = OPTION_FLAG, |
| @@ -402,12 +395,6 @@ static const struct option req_options[] = { | |||
| 402 | .opt.argfunc = req_opt_newkey, | 395 | .opt.argfunc = req_opt_newkey, |
| 403 | }, | 396 | }, |
| 404 | { | 397 | { |
| 405 | .name = "no-asn1-kludge", | ||
| 406 | .type = OPTION_VALUE, | ||
| 407 | .opt.value = &req_config.kludge, | ||
| 408 | .value = 0, | ||
| 409 | }, | ||
| 410 | { | ||
| 411 | .name = "nodes", | 398 | .name = "nodes", |
| 412 | .desc = "Do not encrypt output private key", | 399 | .desc = "Do not encrypt output private key", |
| 413 | .type = OPTION_FLAG, | 400 | .type = OPTION_FLAG, |
| @@ -544,12 +531,12 @@ static void | |||
| 544 | req_usage(void) | 531 | req_usage(void) |
| 545 | { | 532 | { |
| 546 | fprintf(stderr, | 533 | fprintf(stderr, |
| 547 | "usage: req [-addext ext] [-asn1-kludge] [-batch] [-config file]\n" | 534 | "usage: req [-addext ext] [-batch] [-config file]\n" |
| 548 | " [-days n] [-extensions section] [-in file]\n" | 535 | " [-days n] [-extensions section] [-in file]\n" |
| 549 | " [-inform der | pem] [-key keyfile] [-keyform der | pem]\n" | 536 | " [-inform der | pem] [-key keyfile] [-keyform der | pem]\n" |
| 550 | " [-keyout file] [-md4 | -md5 | -sha1] [-modulus]\n" | 537 | " [-keyout file] [-md4 | -md5 | -sha1] [-modulus]\n" |
| 551 | " [-multivalue-rdn] [-nameopt option] [-new] [-newhdr]\n" | 538 | " [-multivalue-rdn] [-nameopt option] [-new] [-newhdr]\n" |
| 552 | " [-newkey arg] [-no-asn1-kludge] [-nodes] [-noout]\n" | 539 | " [-newkey arg] [-nodes] [-noout]\n" |
| 553 | " [-out file] [-outform der | pem] [-passin arg]\n" | 540 | " [-out file] [-outform der | pem] [-passin arg]\n" |
| 554 | " [-passout arg] [-pkeyopt opt:value] [-pubkey]\n" | 541 | " [-passout arg] [-pkeyopt opt:value] [-pubkey]\n" |
| 555 | " [-reqexts section] [-reqopt option] [-set_serial n]\n" | 542 | " [-reqexts section] [-reqopt option] [-set_serial n]\n" |
| @@ -851,11 +838,6 @@ req_main(int argc, char **argv) | |||
| 851 | BIO_printf(bio_err, "-----\n"); | 838 | BIO_printf(bio_err, "-----\n"); |
| 852 | } | 839 | } |
| 853 | if (!req_config.newreq) { | 840 | if (!req_config.newreq) { |
| 854 | /* | ||
| 855 | * Since we are using a pre-existing certificate request, the | ||
| 856 | * kludge 'format' info should not be changed. | ||
| 857 | */ | ||
| 858 | req_config.kludge = -1; | ||
| 859 | if (req_config.infile == NULL) | 841 | if (req_config.infile == NULL) |
| 860 | BIO_set_fp(in, stdin, BIO_NOCLOSE); | 842 | BIO_set_fp(in, stdin, BIO_NOCLOSE); |
| 861 | else { | 843 | else { |
| @@ -890,10 +872,6 @@ req_main(int argc, char **argv) | |||
| 890 | } | 872 | } |
| 891 | i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); | 873 | i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); |
| 892 | req_config.subj = NULL; /* done processing '-subj' option */ | 874 | req_config.subj = NULL; /* done processing '-subj' option */ |
| 893 | if ((req_config.kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { | ||
| 894 | sk_X509_ATTRIBUTE_free(req->req_info->attributes); | ||
| 895 | req->req_info->attributes = NULL; | ||
| 896 | } | ||
| 897 | if (!i) { | 875 | if (!i) { |
| 898 | BIO_printf(bio_err, "problems making Certificate Request\n"); | 876 | BIO_printf(bio_err, "problems making Certificate Request\n"); |
| 899 | goto end; | 877 | goto end; |