diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-24 12:43:39 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 11:53:15 +0100 |
commit | b65c5ec8f5f8c9fa082c44bf805beed03d0fee0c (patch) | |
tree | 2bc3ce487192eb578a252b9a68d4637b54c77ef8 /doc/man1 | |
parent | 41e597a01d95540f52e8bc4d69f88c3d93a093ce (diff) | |
download | openssl-new-b65c5ec8f5f8c9fa082c44bf805beed03d0fee0c.tar.gz |
apps/req.c: Add -copy_extensions option for use with -x509; default: none
Fixes #13708
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-req.pod.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index f73b7fbb9d..141774b7db 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -38,6 +38,7 @@ B<openssl> B<req> [B<-days> I<n>] [B<-set_serial> I<n>] [B<-newhdr>] +[B<-copy_extensions> I<arg>] [B<-addext> I<ext>] [B<-extensions> I<section>] [B<-reqexts> I<section>] @@ -267,6 +268,7 @@ to the a certificate; otherwise a request is created from scratch. Unless specified using the B<-set_serial> option, a large random number will be used for the serial number. +Unless the B<-copy_extensions> option is used, X.509 extensions are not copied from any provided request input file. X.509 extensions to be added can be specified in the configuration file or using the B<-addext> option. @@ -295,6 +297,17 @@ be a positive integer. The default is 30 days. Serial number to use when outputting a self-signed certificate. This may be specified as a decimal value or a hex value if preceded by C<0x>. +=item B<-copy_extensions> I<arg> + +Determines how extensions in certificate requests should be handled when B<-x509> is given. +If I<arg> is B<none> or this option is not present +then extensions present in the request are ignored. +If I<arg> is B<copy> or B<copyall> then +any extensions present in the request are copied to the certificate. + +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. + =item B<-addext> I<ext> Add a specific extension to the certificate (if the B<-x509> option is |