Your message dated Wed, 14 Aug 2024 01:11:08 +0200 with message-id <8a5c4cb5-df22-4686-88f0-691e09d8a...@struktur.de> and subject line Re: openssl: verify does not support single dash parameter has caused the Debian Bug report #766052, regarding openssl: verify does not support single dash parameter to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 766052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766052 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: openssl Version: 1.0.1j-1 Severity: normal Dear Maintainer, the single dash parameter is documented as follows: $ man verify | grep -iw -A6 -m1 synopsis SYNOPSIS openssl verify [-CApath directory] [-CAfile file] [-purpose purpose] [-policy arg] [-ignore_critical] [-crl_check] [-crl_check_all] [-policy_check] [-explicit_policy] [-inhibit_any] [-inhibit_map] [-x509_strict] [-extended_crl] [-use_deltas] [-policy_print] [-untrusted file] [-help] [-issuer_checks] [-attime timestamp] [-verbose] [-] [certificates] $ man verify | grep -E ' - ' - Indicates the last option. All arguments following this are assumed to but "openssl verify" fails if the dash is used: $ openssl verify - -pem usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-attime timestamp] [-engine e] cert1 cert2 ... recognized usages: sslclient SSL client sslserver SSL server nssslserver Netscape SSL server smimesign S/MIME signing smimeencrypt S/MIME encryption crlsign CRL signing any Any Purpose ocsphelper OCSP helper timestampsign Time Stamp signing a workaround with shell redirection: $ openssl verify < -pem stdin: OK it is expected that "openssl verify" processes "-" parameter as documented -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: armhf (armv7l) Foreign Architectures: armel Kernel: Linux 3.0.35-ygrex-utilite-dirty (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.19-11 ii libssl1.0.0 1.0.1j-1 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20140927 -- no debconf information
--- End Message ---
--- Begin Message ---Control: notfound -1 3.3.1-2 Control: tags -1 patch This seems to be a problem in the documentation, where it has been changed in OpenSSL 3.0 [1] mentioning two dashes to separate the options from the filenames. With OpenSSL 1.1.1 (the oldest version still in Debian Bullseye and Buster), the documentation mentions a single dash [2], but using two dashes works as expected: $ openssl verify - -pem verify: Option unknown option - verify: Use -help for summary. $ openssl verify -- -pem Can't open -pem for reading, No such file or directory 140097939146048:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('-pem','r') 140097939146048:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76: unable to load certificate [1] https://docs.openssl.org/3.0/man1/openssl-verify/ [2] https://docs.openssl.org/1.1.1/man1/verify/ Feel free to reopen and use the attached patch for Buster and Bullseye in case this should be backported but closing as it's working as expected and is documented correctly in stable.From: Joachim Bauch <ba...@struktur.de> Date: Wed, 14 Aug 2024 00:53:41 +0200 Subject: Mention two dashes in manpage for "verify". A single dash as documented is not handled. Forwarded: not-needed Index: openssl/doc/man1/verify.pod =================================================================== --- openssl.orig/doc/man1/verify.pod +++ openssl/doc/man1/verify.pod @@ -50,7 +50,7 @@ B<openssl> B<verify> [B<-verify_name name>] [B<-x509_strict>] [B<-show_chain>] -[B<->] +[B<-->] [certificates] =head1 DESCRIPTION @@ -319,7 +319,7 @@ Display information about the certificat successful). Certificates in the chain that came from the untrusted list will be flagged as "untrusted". -=item B<-> +=item B<--> Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename beginsOpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---