[Pkg-openssl-devel] Bug#915612: openssl: "genrsa" changed command line interface in stretch-security update
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Dec 5 21:03:50 GMT 2018
On 2018-12-05 11:09:25 [+0100], Manuel Montecelo wrote:
> the subcommand genrsa changed interface from its previous version, and does not
> accept -config or -batch options anymore:
…
> I worked around the issue in other ways, and I know that "genpkey" is supposed
> to supersede "genrsa", but this problem might affect scripts that the users
> cannot easily change, and it's OK-ish for major versions but would be nice to
> not affect systems with stable-security updates.
>
> For reference, command that used to work:
>
> openssl genrsa -out "${KEY_FILE}" 4096 -config "${CONFIG_FILE}" -batch
>
> As a workaround with "genrsa":
>
> OPENSSL_CONF="${CONFIG_FILE}" openssl genrsa -out "${KEY_FILE}" 4096

Are you sure that the workaround vs

openssl genrsa -out "${KEY_FILE}" 4096

makes a difference?
I'm asking because bisect identifies commit 847997f98c28b ("Check # of
arguments for remaining commands.") as the one that introduced the
regression. This change only adds the error if you specify invalid
arguments. Both `-config' and `-batch' are not part of accepted
arguments.
So I think 1.1.0f should produce the same result with or without those
two options. Is it true?
> Cheers.
Sebastian
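
Added example, not part of the original message or of OpenSSL: a POSIX sh check that reports arguments placed after the positional numbits in "openssl genrsa" calls, the case the thread says now produces an error. It assumes option parsing stops at the first non-option word (taken as numbits) and that -out, -passout, -rand and -engine each take one value; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not OpenSSL code).
# Assumption: genrsa stops option parsing at the first non-option word and
# treats it as numbits; -out, -passout, -rand and -engine consume one value.

# Print any arguments that follow numbits; return 1 if there are some.
genrsa_trailing_args() {
    seen_numbits=0
    trailing=""
    while [ "$#" -gt 0 ]; do
        if [ "$seen_numbits" -eq 1 ]; then
            trailing="${trailing:+$trailing }$1"
        else
            case "$1" in
                -out|-passout|-rand|-engine)
                    # option with a value: skip the value as well
                    if [ "$#" -ge 2 ]; then shift; fi
                    ;;
                -*) ;;                 # flag without a value
                *) seen_numbits=1 ;;   # first positional word is numbits
            esac
        fi
        shift
    done
    printf '%s' "$trailing"
    [ -z "$trailing" ]
}

# Read a script on stdin and report every "openssl genrsa" line that has
# arguments after numbits; return 1 if any line was reported.
audit_genrsa_lines() {
    lineno=0
    flagged=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        case "$line" in
            *"openssl genrsa "*) ;;
            *) continue ;;
        esac
        rest=${line#*"openssl genrsa "}
        set -f                         # no globbing while word-splitting
        if extra=$(genrsa_trailing_args $rest); then :; else
            printf 'line %d: arguments after numbits: %s\n' "$lineno" "$extra"
            flagged=$((flagged + 1))
        fi
        set +f
    done
    [ "$flagged" -eq 0 ]
}
```

Feed a script to audit_genrsa_lines on stdin (audit_genrsa_lines < deploy.sh, file name hypothetical); the word splitting is naive and does not interpret shell quoting.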