@@ -54,7 +54,7 @@ RANGE_AND_DIGEST_RE='
'
RANGE_AND_DIGEST=($(echo "${PEM}" | \
- openssl asn1parse -in - | \
+ openssl asn1parse | \
sed -n -e "${RANGE_AND_DIGEST_RE}"))
if [ "${#RANGE_AND_DIGEST[@]}" != 3 ]; then
@@ -85,7 +85,7 @@ if [ -z "${DIGEST_MATCH}" ]; then
fi
echo "${PEM}" | \
- openssl x509 -in - -outform DER | \
+ openssl x509 -outform DER | \
dd "bs=1" "skip=${OFFSET}" "count=${END}" "status=none" | \
- openssl dgst "-${DIGEST_MATCH}" - | \
+ openssl dgst "-${DIGEST_MATCH}" | \
awk '{printf "tbs:" $2}'
Recent OpenSSL versions (2 or 3) broke the "x509" argument parsing by not handling "-in -" (unlike OpenSSL 1.1): Could not open file or uri for loading certificate from -: No such file or directory Avoid this issue and still make this script work with older versions of OpenSSL by using implicit arguments instead. To hopefully make it more future-proof, apply the same simplifications for other OpenSSL commands. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Eric Snowberg <eric.snowberg@oracle.com> Cc: Jarkko Sakkinen <jarkko@kernel.org> Reported-by: Daniel Urbonas <t-durbonas@microsoft.com> Fixes: 58d416351e6d ("tools/certs: Add print-cert-tbs-hash.sh") Signed-off-by: Mickaël Salaün <mic@digikod.net> --- tools/certs/print-cert-tbs-hash.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)