[Pkg-openssl-devel] Bug#176058: [openssl.org #447] [Fwd: Bug#176058: openssl: Should ask password only after basic input validation]
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Jul 26 19:56:23 UTC 2016
Version: 1.1.0~pre5-5
On 2003-01-13 18:47:28 [+0100], Florian Weimer wrote:
> "Richard Levitte via RT" <rt at openssl.org> writes:
>
> "openssl ca" is one of them, and probably the most cumbersome.
> "openssl req -new -out $FILE" does not verify that $FILE is a writable
> file.
since exp:
|$ openssl req -new -out das
|req: Cannot open output file das, Permission denied
|req: Use -help for summary.
However for ca the situation is slightly different:
openssl req -new -x509 -days 7 -config test.cnf -keyform PEM -keyout \
private/cakey.pem -outform PEM -out certs/cacert.pem
will bail out before asking for password if cakey.pem can not be
created _but_ after it ate entropy and created an RSA key. And then it
will complain if it can't create cacert.pem.
But since it won't ask for a password before doing any work I count it
as a win and close this as fixed :)
The upstream bug was rejected because people might rely on existing
behaviour. If you *plan* on getting changes here (like first check
permissions for output files then create the key and ask for pass) I
suggest to ask for it (with a patch :) ) before 1.1.0 is done.
Sebastian
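
Added example, not part of the original message and not OpenSSL code: a shell preflight that checks the -keyout and -out paths before "openssl req" is started, so no key is generated when an output file cannot be created. The function names can_create and preflight are hypothetical; the paths in the usage comment are the ones from the message.

```shell
#!/bin/sh
# Added example: preflight check for output paths before "openssl req".
# Function names are hypothetical, not part of OpenSSL.

# can_create PATH: succeed if PATH could be opened for writing.
# Nothing is created or truncated; only file tests are used.
can_create() {
    path=$1
    if [ -d "$path" ]; then
        echo "preflight: $path is a directory" >&2
        return 1
    fi
    if [ -e "$path" ]; then
        # Existing file: it must itself be writable.
        [ -w "$path" ] && return 0
        echo "preflight: $path exists but is not writable" >&2
        return 1
    fi
    # New file: the parent directory must exist, be writable and searchable.
    dir=$(dirname -- "$path")
    if [ ! -d "$dir" ]; then
        echo "preflight: directory $dir does not exist" >&2
        return 1
    fi
    if [ -w "$dir" ] && [ -x "$dir" ]; then
        return 0
    fi
    echo "preflight: cannot create files in $dir" >&2
    return 1
}

# preflight PATH...: check every path, report all failures, fail if any.
preflight() {
    rc=0
    for p in "$@"; do
        can_create "$p" || rc=1
    done
    return $rc
}

# Usage with the command from the message (runs only if both paths pass):
#   preflight private/cakey.pem certs/cacert.pem &&
#   openssl req -new -x509 -days 7 -config test.cnf -keyform PEM \
#       -keyout private/cakey.pem -outform PEM -out certs/cacert.pem
```

The check is advisory: permissions can change between the preflight and the openssl run, so openssl's own error on open still has to be handled.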