Hi, When trying to generate a self signed certificate from a previously generate csr with the command line:
openssl req -x509 -key privkey.pem -in csr.pem -out selfsigned.pem it now prompts for country code etc. which is stored in the CSR. This change in behavior was introduced by: commit fd7ca7465b67336b8950a505b6d2adee867a78f7 Author: Richard Levitte <levi...@openssl.org> Date: Mon Aug 22 15:22:17 2016 +0200 Make 'openssl req -x509' more equivalent to 'openssl req -new' The following would fail, or rather, freeze: openssl genrsa -out rsa2048.pem 2048 openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem In that case, the second command wants to read a certificate request from stdin, because -x509 wasn't fully flagged as being for creating something new. This changes makes it fully flagged. RT#4655 Reviewed-by: Andy Polyakov <ap...@openssl.org> My propsed patch is: diff -Nru openssl-1.0.2i/apps/req.c openssl-1.0.2i-1/apps/req.c --- openssl-1.0.2i/apps/req.c 2016-09-22 19:59:10.000000000 +0100 +++ openssl-1.0.2i-1/apps/req.c 2016-09-27 17:37:07.917660064 +0100 @@ -787,7 +787,7 @@ BIO_printf(bio_err, "-----\n"); } - if (!newreq) { + if (!newreq || (x509 && infile)) { /* * Since we are using a pre-existing certificate request, the * kludge * 'format' info should not be changed. Scott Harrison -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4687 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev