root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Remove -C option from x509 command 

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13384)
This commit is contained in:
Rich Salz 2020-11-11 19:10:22 -05:00 committed by Richard Levitte
parent 1696b8909b
commit a18cf8fc63
3 changed files with 6 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.md
View File

@ -27,7 +27,8 @@ OpenSSL 3.0
*Paul Dale* *Paul Dale*
* The -C option to the dhparam, dsaparam, and ecparam commands were removed. * The -C option to the x509, dhparam, dsaparam, and ecparam commands
were removed.
*Rich Salz* *Rich Salz*

30
apps/x509.c
View File

@ -54,7 +54,7 @@ typedef enum OPTION_choice {
OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA, OPT_CAKEY,
OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ,
OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT, OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT,
OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH, OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES, OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
@ -110,7 +110,6 @@ const OPTIONS x509_options[] = {
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
{"text", OPT_TEXT, '-', "Print the certificate in text form"}, {"text", OPT_TEXT, '-', "Print the certificate in text form"},
{"ext", OPT_EXT, 's', "Print various X509V3 extensions"}, {"ext", OPT_EXT, 's', "Print various X509V3 extensions"},
{"C", OPT_C, '-', "Print out C code forms"},
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"}, "Print old-style (MD5) subject hash value"},
@ -188,7 +187,7 @@ int x509_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
char *prog; char *prog;
int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
int fingerprint = 0, reqfile = 0, checkend = 0; int fingerprint = 0, reqfile = 0, checkend = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
@ -360,9 +359,6 @@ int x509_main(int argc, char **argv)
case OPT_ENGINE: case OPT_ENGINE:
e = setup_engine(opt_arg(), 0); e = setup_engine(opt_arg(), 0);
break; break;
case OPT_C:
C = ++num;
break;
case OPT_EMAIL: case OPT_EMAIL:
email = ++num; email = ++num;
break; break;
@ -788,28 +784,6 @@ int x509_main(int argc, char **argv)
goto end; goto end;
} }
PEM_write_bio_PUBKEY(out, pkey); PEM_write_bio_PUBKEY(out, pkey);
} else if (C == i) {
unsigned char *d;
char *m;
int len;
print_name(out, "/*\n"
" * Subject: ", X509_get_subject_name(x), get_nameopt());
print_name(out, " * Issuer: ", X509_get_issuer_name(x), get_nameopt());
BIO_puts(out, " */\n");
len = i2d_X509(x, NULL);
m = app_malloc(len, "x509 name buffer");
d = (unsigned char *)m;
len = i2d_X509_NAME(X509_get_subject_name(x), &d);
print_array(out, "the_subject_name", len, (unsigned char *)m);
d = (unsigned char *)m;
len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
print_array(out, "the_public_key", len, (unsigned char *)m);
d = (unsigned char *)m;
len = i2d_X509(x, &d);
print_array(out, "the_certificate", len, (unsigned char *)m);
OPENSSL_free(m);
} else if (text == i) { } else if (text == i) {
X509_print_ex(out, x, get_nameopt(), certflag); X509_print_ex(out, x, get_nameopt(), certflag);
} else if (startdate == i) { } else if (startdate == i) {

7
doc/man1/openssl-x509.pod.in
View File

@ -65,7 +65,6 @@ B<openssl> B<x509>
[B<-checkhost> I<host>] [B<-checkhost> I<host>]
[B<-checkemail> I<host>] [B<-checkemail> I<host>]
[B<-checkip> I<ipaddr>] [B<-checkip> I<ipaddr>]
[B<-C>]
[B<-I<digest>>] [B<-I<digest>>]
[B<-clrext>] [B<-clrext>]
[B<-extfile> I<filename>] [B<-extfile> I<filename>]
@ -271,10 +270,6 @@ This is commonly called a "fingerprint". Because of the nature of message
digests, the fingerprint of a certificate is unique to that certificate and digests, the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same. two certificates with the same fingerprint can be considered to be the same.
=item B<-C>
This outputs the certificate in the form of a C source file.
=back =back
=head2 Trust Settings =head2 Trust Settings
@ -843,6 +838,8 @@ The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
The B<-engine> option was deprecated in OpenSSL 3.0. The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.