Quoting from openssl-SNAP-20090316/apps/apps.c:

258     if ((*s == 'D') || (*s == 'd'))
259         return(FORMAT_ASN1);
260     else if ((*s == 'T') || (*s == 't'))
261         return(FORMAT_TEXT);
262     else if ((*s == 'P') || (*s == 'p'))
263         {
264         if (s[1] == 'V' || s[1] == 'v')
265             return FORMAT_PVK;
266         else
267             return(FORMAT_PEM);
268         }
269     else if ((*s == 'N') || (*s == 'n'))
270         return(FORMAT_NETSCAPE);
271     else if ((*s == 'S') || (*s == 's'))
272         return(FORMAT_SMIME);
273     else if ((*s == 'M') || (*s == 'm'))
274         return(FORMAT_MSBLOB);
275     else if ((*s == '1')
276         || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
277         || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
278         return(FORMAT_PKCS12);

The tests on lines 276 and 277 are never reached because the tested strings
also match a previous, more general test on line 262. Curiously, a similar
collision between FORMAT_PEM and FORMAT_PVK is handled on line 264.

STEPS TO REPRODUCE

Specify a "-keyform pkcs12" argument to openssl and it will behave as if
you specified "-keyform pem". The only way to really use PKCS12 is to
specify "-keyform 1" (see line 275).

I'm currently unable to provide a patch but it should be relatively
trivial.
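
The shadowing described in the report above, reproduced as an added example that is not part of the original post and is not OpenSSL's code. The FMT_* values, the function names fmt_as_posted and fmt_reordered, and the FMT_UNDEF fall-through are assumptions of this example; the reordering is one possible fix, not the project's.

```c
#include <stdio.h>
#include <string.h>

/* Constructed values for this example, not the constants from OpenSSL's apps.h. */
enum { FMT_UNDEF, FMT_ASN1, FMT_TEXT, FMT_PEM, FMT_PVK, FMT_NETSCAPE,
       FMT_SMIME, FMT_MSBLOB, FMT_PKCS12 };

/* Same test order as the quoted lines 258-278: the 'P' prefix branch runs
 * before the exact PKCS12 comparisons, so those comparisons are dead code. */
int fmt_as_posted(const char *s)
{
    if (*s == 'D' || *s == 'd') return FMT_ASN1;
    else if (*s == 'T' || *s == 't') return FMT_TEXT;
    else if (*s == 'P' || *s == 'p') {
        if (s[1] == 'V' || s[1] == 'v') return FMT_PVK;
        else return FMT_PEM;
    }
    else if (*s == 'N' || *s == 'n') return FMT_NETSCAPE;
    else if (*s == 'S' || *s == 's') return FMT_SMIME;
    else if (*s == 'M' || *s == 'm') return FMT_MSBLOB;
    else if (*s == '1'
        || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0
        || strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0)
        return FMT_PKCS12;
    return FMT_UNDEF; /* assumption: the quoted excerpt ends before the fall-through */
}

/* One possible reordering: the exact PKCS12 names are matched first,
 * then everything else goes through the original prefix tests. */
int fmt_reordered(const char *s)
{
    if (*s == '1'
        || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0
        || strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0)
        return FMT_PKCS12;
    return fmt_as_posted(s);
}

int main(void)
{
    /* Constructed sample arguments for -keyform. */
    const char *args[] = { "pkcs12", "P12", "1", "pem", "PVK", "der" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-7s as posted=%d reordered=%d\n", args[i],
               fmt_as_posted(args[i]), fmt_reordered(args[i]));
    return 0;
}
```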