APPS/{x509,req}: Fix description and diagnostics of -key, -in, etc. options #16440
Conversation
DDvO
added
approval: otc review pending
|
OTC: not blocking 3.0.0 release. OTC will decide later if this is acceptable for 3.0 branch. |
paulidale
added
approval: done
openssl-machine
added
approval: ready to merge
|
This pull request is ready to merge |
|
Can one meanwhile merge to master again as usual? |
|
Yes, you can merge to master. We're still a while from determining futures though but a change like this seems reasonable to include now. |
…ptions Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16440)
…y option Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16440)
|
Merged - thanks @paulidale |
Is it already clear if/how to potentially (back-)port this to 3.0? |
|
It is not a pure documentation fix. It would be probably better to open a new PR against 3.0 branch if you want OTC to consider this. |
|
I've flagged this for OTC discussion with respects to merging all of this or just the documentation changes to the 3.0 branch. |
Over the years, the
x509andreqapp options have become a messand their documentation and help output is partly outdated, incomplete, or even wrong.
I recently came across this issue again when extending the tests in #16342.
This PR improves the description of the
-key,-in, and related optionsand adds some warnings for useless or problematic option combinations.
Note that this does not change the semantics of the options.
It would be good to make them more consistent or at least flag some combinations as error,
but we likely cannot do this before the 3.0 release.