% cfssl version
Version: 1.3.4
Revision: dev
Runtime: go1.12.7
When using cfssl gencsr -key <keyfile>, I noticed that cfssl seems to adjust the mtime of the keyfile. Since the use case of gencsr is to use an existing file, I doubt it needs to touch the file.
Can be reproduced by:
Generate JSON file
cfssl keygen JSON | cfssl-json -bare mycert
stat -f "%Sc %Sa %Sm" mycert-key.pem (BSD/Mac syntax) and notice the timestamps
Wait a minute so that clock rolls over
cfssl gencsr -key mycert-key.pem JSON
stat -f "%Sc %Sa %Sm" mycert-key.pem and notice that the ctime and mtime have changed.
What I also find interesting is:
% cfssl gencsr -h
cfssl gencsr -- generate a csr from a private key with existing CSR json specification or certificate
Usage of genkey:
cfssl gencsr -key private_key_file [-host hostname_override] CSRJSON
cfssl gencsr -key private_key_file [-host hostname_override] -cert certificate_file
Arguments:
CSRJSON: JSON file containing the request, use '-' for reading JSON from stdin
Notice the output of genkey in the output above. I have not yet looked at the code yet whether gencsr is wrapping genkey's functionality, which could explain the behaviour I write about above.
Closing this, since it seems Cloudflare doesn't pay attention to this repository. And I can do without all these multi-year issues in my issues overview.
% cfssl version Version: 1.3.4 Revision: dev Runtime: go1.12.7
When using
cfssl gencsr -key <keyfile>
, I noticed that cfssl seems to adjust the mtime of the keyfile. Since the use case of gencsr is to use an existing file, I doubt it needs to touch the file.Can be reproduced by:
cfssl keygen JSON | cfssl-json -bare mycert
stat -f "%Sc %Sa %Sm" mycert-key.pem
(BSD/Mac syntax) and notice the timestampscfssl gencsr -key mycert-key.pem JSON
stat -f "%Sc %Sa %Sm" mycert-key.pem
and notice that the ctime and mtime have changed.What I also find interesting is:
Notice the output of
genkey
in the output above. I have not yet looked at the code yet whether gencsr is wrapping genkey's functionality, which could explain the behaviour I write about above.