[Pkg-openssl-devel] Behaviour of "x509 -text -out" changed between 1.0.1c (wheezy) and 1.0.1e (sid)
Philipp A. Hartmann
pah at qo.cx
Wed Feb 20 10:24:34 UTC 2013
Hi,
I recently noticed that TinyCA [1] is broken on sid(unstable) machines
with OpenSSL 1.0.1e-1. After a lot of debugging, I finally noticed that
the command-line behaviour of OpenSSL changed.
TinyCA extracts textual information from certificates via a command-line
like:
openssl x509 -in /etc/ssl/certs/00673b5b.0 \
-text -noout \
-out /tmp/00673b5b.0.tmp
Until 1.0.1c-1 (wheezy), this has led to a certificate description in
text form written to the output file:
$ openssl x509 ... | wc -l
0
$ wc -l /tmp/00673b5b.0.tmp
57 /tmp/00673b5b.0.tmp
With the current version 1.0.1e-1 in unstable, this leads to an empty
output file with the certificate description still printed to stdout:
$ openssl x509 ... | wc -l
57
$ wc -l /tmp/00673b5b.0.tmp
0 /tmp/00673b5b.0.tmp
Has this been intentional? This interface change should probably be
mentioned somewhere. Creating an empty file with "-noout -out file" is
not really useful either. Personally, I'd prefer the old behaviour over
the new one, though.
What do you think?
/Philipp
[1] http://packages.debian.org/tinyca
--
vay' DalarghDI' yIqaw
More information about the Pkg-openssl-devel
mailing list