Matthew Martin <[email protected]> wrote: > On Wed, May 08, 2019 at 04:22:16PM -0600, Theo de Raadt wrote: > > Isn't something like better -- to avoid marshalling code to convert > > arguments -> array? > > > > char *pkcs_args[] = > > PATH_OPENSSL, > > "pkcs12", > > "-export", > > "-caname", > > ca->caname, > > "-name", > > ca->caname, > > "-cacerts", > > "-nokeys", > > "-in", > > cacrt, > > "-out", > > capfx, > > "-passout", > > "env:EXPASS", > > "-passin", > > ca->passfile, > > NULL > > }; > > > > ca_system(pkcs_args); > > I did that originally [1], but Reyk preferred the varargs approach [2], > so I changed the patch to match.
Your first mistake was to listen to Reyk....
