From db667872d9a4103ffc30d4bd570a378a184d7c7f Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 3 May 2018 14:40:45 -0400 Subject: [PATCH] Remove "-nodes" option from make-certs scripts The openssl command does not recognize options after positional arguments, so in "openssl genrsa $KEYSIZE -nodes", the "-nodes" was ignored as a excess positional argument prior to OpenSSL 1.1.0h, and now causes an error. "-nodes" is an option to the openssl req and pkcs12 subcommands, but genrsa creates unencrypted keys by default. [ghudson@mit.edu: edited commit message] (cherry picked from commit 928a36aae326d496c9a73f2cd41b4da45eef577c) (cherry picked from commit 83da5675551dba13fee837adc26ce885a061dbc1) --- src/tests/dejagnu/pkinit-certs/make-certs.sh | 2 +- src/tests/dejagnu/proxy-certs/make-certs.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh index 23426af8a..fa937f449 100755 --- a/src/tests/dejagnu/pkinit-certs/make-certs.sh +++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh @@ -114,7 +114,7 @@ extendedKeyUsage = $CLIENT_EKU_LIST EOF # Generate a private key. -openssl genrsa $KEYSIZE -nodes > privkey.pem +openssl genrsa $KEYSIZE > privkey.pem openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted # Generate a "CA" certificate. diff --git a/src/tests/dejagnu/proxy-certs/make-certs.sh b/src/tests/dejagnu/proxy-certs/make-certs.sh index 1191bf05e..24ef91bde 100755 --- a/src/tests/dejagnu/proxy-certs/make-certs.sh +++ b/src/tests/dejagnu/proxy-certs/make-certs.sh @@ -79,7 +79,7 @@ extendedKeyUsage = $PROXY_EKU_LIST EOF # Generate a private key. -openssl genrsa $KEYSIZE -nodes > privkey.pem +openssl genrsa $KEYSIZE > privkey.pem # Generate a "CA" certificate. SUBJECT=signer openssl req -config openssl.cnf -new -x509 -extensions exts_ca \