[30200] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Remove "-nodes" option from make-certs scripts

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri May 4 00:42:47 2018

Date: Fri, 4 May 2018 00:42:38 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201805040442.w444gcmY031604@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/928a36aae326d496c9a73f2cd41b4da45eef577c
commit 928a36aae326d496c9a73f2cd41b4da45eef577c
Author: Robbie Harwood <rharwood@redhat.com>
Date:   Thu May 3 14:40:45 2018 -0400

    Remove "-nodes" option from make-certs scripts
    
    The openssl command does not recognize options after positional
    arguments, so in "openssl genrsa $KEYSIZE -nodes", the "-nodes" was
    ignored as a excess positional argument prior to OpenSSL 1.1.0h, and
    now causes an error.  "-nodes" is an option to the openssl req and
    pkcs12 subcommands, but genrsa creates unencrypted keys by default.
    
    [ghudson@mit.edu: edited commit message]

 src/tests/dejagnu/pkinit-certs/make-certs.sh |    2 +-
 src/tests/dejagnu/proxy-certs/make-certs.sh  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh
index 63f0c6f..387311a 100755
--- a/src/tests/dejagnu/pkinit-certs/make-certs.sh
+++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh
@@ -114,7 +114,7 @@ extendedKeyUsage = $CLIENT_EKU_LIST
 EOF
 
 # Generate a private key.
-openssl genrsa $KEYSIZE -nodes > privkey.pem
+openssl genrsa $KEYSIZE > privkey.pem
 openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted
 
 # Generate a "CA" certificate.
diff --git a/src/tests/dejagnu/proxy-certs/make-certs.sh b/src/tests/dejagnu/proxy-certs/make-certs.sh
index 1191bf0..24ef91b 100755
--- a/src/tests/dejagnu/proxy-certs/make-certs.sh
+++ b/src/tests/dejagnu/proxy-certs/make-certs.sh
@@ -79,7 +79,7 @@ extendedKeyUsage = $PROXY_EKU_LIST
 EOF
 
 # Generate a private key.
-openssl genrsa $KEYSIZE -nodes > privkey.pem
+openssl genrsa $KEYSIZE > privkey.pem
 
 # Generate a "CA" certificate.
 SUBJECT=signer openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post