diff options
author | David von Oheimb <David.von.Oheimb@siemens.com> | 2017-12-14 08:04:00 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-11-19 11:36:02 +0100 |
commit | c1097eecdfe438bcb18b3f556ca4e5dec0748cfc (patch) | |
tree | c010dcfc1868c672d0831d0bd6f299d2a38af37b | |
parent | d7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74 (diff) | |
download | openssl-c1097eecdfe438bcb18b3f556ca4e5dec0748cfc.zip openssl-c1097eecdfe438bcb18b3f556ca4e5dec0748cfc.tar.gz openssl-c1097eecdfe438bcb18b3f556ca4e5dec0748cfc.tar.bz2 |
apps/ca: Minor code and doc cleanup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)
-rwxr-xr-x | apps/ca.c | 9 | ||||
-rw-r--r-- | doc/man1/openssl-ca.pod.in | 2 |
2 files changed, 7 insertions, 4 deletions
@@ -100,7 +100,7 @@ static int certify(X509 **xret, const char *infile, int informat, long days, int batch, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); -static int certify_cert(X509 **xret, const char *infile, int informat, +static int certify_cert(X509 **xret, const char *infile, int certformat, const char *passin, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, @@ -211,9 +211,11 @@ const OPTIONS ca_options[] = { OPT_SECTION("Signing"), {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', + "Private key file format (ENGINE, other values ignored)"}, {"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"}, - {"key", OPT_KEY, 's', "Key to decrypt key or cert files. Better use -passin"}, + {"key", OPT_KEY, 's', + "Key to decrypt the private key or cert files if encrypted. Better use -passin"}, {"cert", OPT_CERT, '<', "The CA cert"}, {"certform", OPT_CERTFORM, 'F', "Certificate input format (DER/PEM/P12); has no effect"}, @@ -580,6 +582,7 @@ end_of_options: } } pkey = load_key(keyfile, keyformat, 0, passin, e, "CA private key"); + cleanse(passin); if (pkey == NULL) /* load_key() has already printed an appropriate message */ goto end; diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index bfb8f1a..0c53b59 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -198,7 +198,7 @@ self-signed certificate. =item B<-passin> I<arg> -The key and certificate password source. +The password source for key files and certificate PKCS#12 files. For more information about the format of B<arg> see L<openssl(1)/Pass Phrase Options>. |