On 2018-12-05 11:09:25 [+0100], Manuel Montecelo wrote:
> the subcommand genrsa changed interface from its previous version, and does
> not
> accept -config or -batch options anymore:
…
> I worked around the issue in other ways, and I know that "genpkey" is supposed
> to supercede "genrsa", but this problem might affect scripts that the users
> cannot easily change, and it's OK-ish for major versions but would be nice to
> not affect systems with stable-security updates.
>
> For reference, command that used to work:
>
> openssl genrsa -out "${KEY_FILE}" 4096 -config "${CONFIG_FILE}" -batch
>
> As a workaround with "genrsa":
>
> OPENSSL_CONF="${CONFIG_FILE}" openssl genrsa -out "${KEY_FILE}" 4096
Are you sure that the workaround vs
openssl genrsa -out "${KEY_FILE}" 4096
makes a difference?
I'm asking because bisect identifies commit 847997f98c28b ("Check # of
arguments for remaining commands.") as the one that introduced the
regression. This change only adds the error if you specify invalid
arguments. Both `-config' and `-batch' are not part of accepted
arguments.
So I think 1.1.0f should produce the same result with or without those
two options. Is it true?
> Cheers.
Sebastian
