Version: 1.1.0~pre5-5 On 2003-01-13 18:47:28 [+0100], Florian Weimer wrote: > "Richard Levitte via RT" <r...@openssl.org> writes: > > "openssl ca" is one of them, and probably the most cumbersome. > "openssl req -new -out $FILE" does not verify that $FILE is a writable > file.
since exp: |$ openssl req -new -out das |req: Cannot open output file das, Permission denied |req: Use -help for summary. However for ca the situation is slightly different: openssl req -new -x509 -days 7 -config test.cnf -keyform PEM -keyout \ private/cakey.pem -outform PEM -out certs/cacert.pem will bail out before asking for password if cakey.pem can not be created _but_ after it ate entropy and craeted a RSA key. And then it will complain if it can't create cacert.pem But since it won't ask for a password before doing any work I count it as win and close the as fixed :) The upstream bug was rejected because people might rely on existing behaviour. If you *plan* on getting changes here (like first check permissions for output files then create the key and as for pass) I suggest to ask for it (with a patch :) ) before 1.1.0 is done. Sebastian