Commit 0ae8d4ca9e for openssl.org

commit 0ae8d4ca9e2db5fd93683dbc42d28c2eba18045d
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date:   Wed Jan 6 12:12:25 2021 +0100

    apps/req.c: Cosmetic improvements of code and documentation

    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13658)

diff --git a/apps/req.c b/apps/req.c
index 5663eebc45..3aef8882a8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -437,7 +437,8 @@ int req_main(int argc, char **argv)
             break;
         case OPT_COPY_EXTENSIONS:
             if (!set_ext_copy(&ext_copy, opt_arg())) {
-                BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", opt_arg());
+                BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n",
+                           opt_arg());
                 goto end;
             }
             break;
@@ -837,13 +838,12 @@ int req_main(int argc, char **argv)
                 goto end;
             if (!pub_key || !X509_set_pubkey(new_x509, pub_key))
                 goto end;
-            if (ext_copy == EXT_COPY_UNSET)
+            if (ext_copy == EXT_COPY_UNSET) {
                 BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
-            else if (!copy_extensions(new_x509, req, ext_copy)) {
+            } else if (!copy_extensions(new_x509, req, ext_copy)) {
                 BIO_printf(bio_err, "Error copying extensions from request\n");
                 goto end;
             }
-            /* TODO: (optionally) copy X.509 extensions from req */

             /* Set up V3 context struct */
             X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509,
@@ -1116,8 +1116,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj,
         }
     }

-    /* tentatively set X.509 version 1 */
-    if (!X509_REQ_set_version(req, 0L))
+    if (!X509_REQ_set_version(req, 0L)) /* so far there is only version 1 */
         goto err;

     if (fsubj != NULL)
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in
index 141774b7db..ac83f35692 100644
--- a/doc/man1/openssl-req.pod.in
+++ b/doc/man1/openssl-req.pod.in
@@ -270,6 +270,7 @@ a large random number will be used for the serial number.

 Unless the B<-copy_extensions> option is used,
 X.509 extensions are not copied from any provided request input file.
+
 X.509 extensions to be added can be specified in the configuration file
 or using the B<-addext> option.

@@ -294,16 +295,17 @@ be a positive integer. The default is 30 days.

 =item B<-set_serial> I<n>

-Serial number to use when outputting a self-signed certificate. This
-may be specified as a decimal value or a hex value if preceded by C<0x>.
+Serial number to use when outputting a self-signed certificate.
+This may be specified as a decimal value or a hex value if preceded by C<0x>.
+If not given, a large random number will be used.

 =item B<-copy_extensions> I<arg>

-Determines how extensions in certificate requests should be handled when B<-x509> is given.
-If I<arg> is B<none> or this option is not present
-then extensions present in the request are ignored.
+Determines how X.509 extensions in certificate requests should be handled
+when B<-x509> is given.
+If I<arg> is B<none> or this option is not present then extensions are ignored.
 If I<arg> is B<copy> or B<copyall> then
-any extensions present in the request are copied to the certificate.
+all extensions in the request are copied to the certificate.

 The main use of this option is to allow a certificate request to supply
 values for certain extensions such as subjectAltName.