mirror of https://github.com/openssl/openssl
apps/req.c: Cosmetic improvements of code and documentation
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
This commit is contained in:
parent
73b1d24c1a
commit
0ae8d4ca9e
11
apps/req.c
11
apps/req.c
|
@ -437,7 +437,8 @@ int req_main(int argc, char **argv)
|
|||
break;
|
||||
case OPT_COPY_EXTENSIONS:
|
||||
if (!set_ext_copy(&ext_copy, opt_arg())) {
|
||||
BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", opt_arg());
|
||||
BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n",
|
||||
opt_arg());
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
|
@ -837,13 +838,12 @@ int req_main(int argc, char **argv)
|
|||
goto end;
|
||||
if (!pub_key || !X509_set_pubkey(new_x509, pub_key))
|
||||
goto end;
|
||||
if (ext_copy == EXT_COPY_UNSET)
|
||||
if (ext_copy == EXT_COPY_UNSET) {
|
||||
BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
|
||||
else if (!copy_extensions(new_x509, req, ext_copy)) {
|
||||
} else if (!copy_extensions(new_x509, req, ext_copy)) {
|
||||
BIO_printf(bio_err, "Error copying extensions from request\n");
|
||||
goto end;
|
||||
}
|
||||
/* TODO: (optionally) copy X.509 extensions from req */
|
||||
|
||||
/* Set up V3 context struct */
|
||||
X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509,
|
||||
|
@ -1116,8 +1116,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
|
|||
}
|
||||
}
|
||||
|
||||
/* tentatively set X.509 version 1 */
|
||||
if (!X509_REQ_set_version(req, 0L))
|
||||
if (!X509_REQ_set_version(req, 0L)) /* so far there is only version 1 */
|
||||
goto err;
|
||||
|
||||
if (fsubj != NULL)
|
||||
|
|
|
@ -270,6 +270,7 @@ a large random number will be used for the serial number.
|
|||
|
||||
Unless the B<-copy_extensions> option is used,
|
||||
X.509 extensions are not copied from any provided request input file.
|
||||
|
||||
X.509 extensions to be added can be specified in the configuration file
|
||||
or using the B<-addext> option.
|
||||
|
||||
|
@ -294,16 +295,17 @@ be a positive integer. The default is 30 days.
|
|||
|
||||
=item B<-set_serial> I<n>
|
||||
|
||||
Serial number to use when outputting a self-signed certificate. This
|
||||
may be specified as a decimal value or a hex value if preceded by C<0x>.
|
||||
Serial number to use when outputting a self-signed certificate.
|
||||
This may be specified as a decimal value or a hex value if preceded by C<0x>.
|
||||
If not given, a large random number will be used.
|
||||
|
||||
=item B<-copy_extensions> I<arg>
|
||||
|
||||
Determines how extensions in certificate requests should be handled when B<-x509> is given.
|
||||
If I<arg> is B<none> or this option is not present
|
||||
then extensions present in the request are ignored.
|
||||
Determines how X.509 extensions in certificate requests should be handled
|
||||
when B<-x509> is given.
|
||||
If I<arg> is B<none> or this option is not present then extensions are ignored.
|
||||
If I<arg> is B<copy> or B<copyall> then
|
||||
any extensions present in the request are copied to the certificate.
|
||||
all extensions in the request are copied to the certificate.
|
||||
|
||||
The main use of this option is to allow a certificate request to supply
|
||||
values for certain extensions such as subjectAltName.
|
||||
|
|
Loading…
Reference in New Issue