About year ago, the apps/x509.c has been patched not to ignore -keyform during -x509toreq operation.
IMHO it's proper time to patch not to ignore other options as well.
All following text is related to "openssl req -x509toreq" call.
Current behavior:
1. -outform is ignored, PEM format used all the times
2. output contain text representation of created request all the time,
despite of '-text' option is used or not
3a. -text -x509toreq sequence results to following output sequence:
[text representation of source x509 certificate]
[text representation of resulting request]
[resulting request in PEM format]
3b. -x509toreq -text sequence results to following output sequence:
[text representation of resulting request]
[resulting request in PEM format]
[text representation of source x509 certificate]
3c. -x509toreq -text or -text -x509toreq sequences combined with -noout
in any position results to following output sequence:
[text representation of source x509 certificate]
-------
Proposed behavior:
1. honor the -outform
2,3. print text representation of resulting request when -text requested
only, then print resulting request in DER or PEM format unless -noout
specified, don't print text representation of source x509 certificate in
-x509toreq mode at all. It results to following output sequence:
IF -text THEN [text representation of resulting request]
IF ! -noout THEN [resulting request in $( outform) format]
I wish [1] need no more explanation.
According to 2&3 - I assume the current behavior is not intentional. I
wish the proposed behavior is more consistent with x509 app behavior in
non x509toreq mode as well as behavior of other apps.
Patch is attached.
Best regards
Dan Lukes
patch-DAN-apps::x509.c
Description: application/unregisterd-mime-type-to-avoid-ie-mime-sniffing
