No...
I may have been unclear: I was referring to the '-infiles' switch to the
openssl ca command, as referenced in the docs. This switch exists, ostensibly,
to sign multiple CSRs as a batch.
My point was only that, despite the stated constraint:
' if present this should be the last option, all subsequent arguments are
assumed to the the names of files containing certificate requests' ,
we seemed to have somehow been able to use this switch (at some point in the
distant past) embedded in a command string, with other switches following it.
Executing our same commands now, under OpenSSL v1.0.0, the '-infiles' switch
appears to be behaving exactly as documented.
Having said all this, I know there are those who feel that the ca command
should be avoided altogether; my notes here are only for academic/historical(?)
interest.
Lou Picciano
----- Original Message -----
From: "Kyle Hamilton" <aerow...@gmail.com>
To: "openssl-users" <openssl-users@openssl.org>
Sent: Sunday, April 25, 2010 10:16:55 PM GMT -05:00 US/Canada Eastern
Subject: Re: OpenSSL ca command handles -infiles option more carefully?
The switch is -infile, not -infiles.
-Kyle H
On Sun, Apr 25, 2010 at 6:26 PM, Lou Picciano <loupicci...@comcast.net> wrote:
> We've run into an interesting - apparently new? - behavior of the openssl ca
> command:
> I believe we've used the following command in the past (pre 1.0.0). (Don't
> know why we were still using the -infiles option with a single input file -
> something vestigial, no doubt; Nonetheless, I think it's worked:
> ../bin/openssl ca \
> -days 1095 \
> -infiles YOUR.csr \
> -out YOUR.crt \
> -config ../openssl.cnf
> Now, using OpenSSL v1.0.0, this command results in an error, as if the
> -infiles option is trying to read the -out option as a filename! (Yes, many
> of our commands are formatted with the backslash for readability):
> -out: No such file or directory
> 4274892676:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:355:fopen('-out','r')
> 4274892676:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
> Don't know if this is a new 'fastidiousness' of the ca command, or if we
> simply never hit it before, but it may merit attention.
> For example, we haven't tested all the permutations, such as what would
> happen if the -infiles option were the last option in the command string,
> and had only one file as an input?
> Lou
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
