diff mbox series

[isar-cip-core,3/9] swupdate-signer: Ensure compatibility also with latest openssl 3.3

Message ID c5639090dff12275d318d62fc19289faf6cbf05f.1730977077.git.jan.kiszka@siemens.com (mailing list archive)
State New
Headers show
Series Enable early Debian trixie support, drop sid | expand

Commit Message

Jan Kiszka Nov. 7, 2024, 10:57 a.m. UTC 
From: Jan Kiszka <jan.kiszka@siemens.com>

That -check option was probably never official and is now definitely
gone with openssl 3.3 from trixie. In fact, we do not even need it, the
return code is set as expected also without it.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 recipes-devtools/swupdate-signer/files/sign-swu-cms | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/recipes-devtools/swupdate-signer/files/sign-swu-cms b/recipes-devtools/swupdate-signer/files/sign-swu-cms
index d844e011..cb0cd4af 100644
--- a/recipes-devtools/swupdate-signer/files/sign-swu-cms
+++ b/recipes-devtools/swupdate-signer/files/sign-swu-cms
@@ -10,14 +10,11 @@  error_msg() {
 }
 
 if ! openssl rsa -check -noout -in "$inkey"; then
-	error_msg "key '$inkey' is not a rsa key "
+	error_msg "key '$inkey' is not a rsa key"
 fi
 
-# if openssl > 3.0 we have the x509 check option
-if openssl version | grep -q "3.[0-9].[0-9]"; then
-	if ! openssl x509 -check -noout -in "$cert"; then
-		error_msg  "certificate '$cert' is not a certificate"
-	fi
+if ! openssl x509 -noout -in "$cert"; then
+	error_msg  "certificate '$cert' is not a certificate"
 fi
 
 key_md5=$(openssl rsa -modulus -noout -in "$inkey" | openssl md5)