Hello,
Running the following command always fails, because the code is hard-coded to
assume all Certification Requests are received in PEM format, despite that it
is not documented in the manual or the CLI help output.
openssl x509 \
-inform der \
-keyform der \
-outform der \
-req \
-in test-ca.csr \
-signkey test-ca.key \
-out test-ca.der \
-days 1825
The code below seems to be the cause:
567 if (reqfile)
568 {
569 EVP_PKEY *pkey;
570 BIO *in;
571
572 if (!sign_flag && !CA_flag)
573 {
574 BIO_printf(bio_err,"We need a private key to sign with\n");
575 goto end;
576 }
577 in=BIO_new(BIO_s_file());
578 if (in == NULL)
579 {
580 ERR_print_errors(bio_err);
581 goto end;
582 }
583
584 if (infile == NULL)
585 BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
586 else
587 {
588 if (BIO_read_filename(in,infile) <= 0)
589 {
590 perror(infile);
591 BIO_free(in);
592 goto end;
593 }
594 }
595 req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); *** INCORRECT ***
596 BIO_free(in);
This code should respect the input format specific using -inform, when reading
the CR file specified by -req.
Regards,
Matthew Hall
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
