About year ago, the apps/x509.c has been patched not to ignore -keyform during -x509toreq operation.
IMHO it's proper time to patch not to ignore other options as well. All following text is related to "openssl req -x509toreq" call. Current behavior: 1. -outform is ignored, PEM format used all the times 2. output contain text representation of created request all the time, despite of '-text' option is used or not 3a. -text -x509toreq sequence results to following output sequence: [text representation of source x509 certificate] [text representation of resulting request] [resulting request in PEM format] 3b. -x509toreq -text sequence results to following output sequence: [text representation of resulting request] [resulting request in PEM format] [text representation of source x509 certificate] 3c. -x509toreq -text or -text -x509toreq sequences combined with -noout in any position results to following output sequence: [text representation of source x509 certificate] ------- Proposed behavior: 1. honor the -outform 2,3. print text representation of resulting request when -text requested only, then print resulting request in DER or PEM format unless -noout specified, don't print text representation of source x509 certificate in -x509toreq mode at all. It results to following output sequence: IF -text THEN [text representation of resulting request] IF ! -noout THEN [resulting request in $( outform) format] I wish [1] need no more explanation. According to 2&3 - I assume the current behavior is not intentional. I wish the proposed behavior is more consistent with x509 app behavior in non x509toreq mode as well as behavior of other apps. Patch is attached. Best regards Dan Lukes
patch-DAN-apps::x509.c
Description: application/unregisterd-mime-type-to-avoid-ie-mime-sniffing