1 files changed, 7 insertions, 7 deletions

diff --git a/lacme b/lacme
index 6284c66..19d78a9 100755
--- a/lacme
+++ b/lacme
@@ -184,7 +184,7 @@ sub gen_csr(%) {
     push @args, "-$args{hash}" if defined $args{hash};
     push @args, '-subj', $args{subject}, '-config', $config->filename(), qw/-reqexts v3_req/;
 
-    open my $fh, '-|', qw/openssl req -outform DER/, @args or die "fork: $!";
+    open my $fh, '-|', qw{openssl req -outform DER}, @args or die "fork: $!";
     my $csr = do { local $/ = undef; <$fh> };
     close $fh or $! ? die "close: $!" : return;
 
@@ -195,7 +195,7 @@ sub gen_csr(%) {
         unless ($pid) {
             open STDIN,  '<&', $rd      or die "dup: $!";
             open STDOUT, '>&', \*STDERR or die "dup: $!";
-            exec qw/openssl req -noout -text -inform DER/ or die;
+            exec qw{openssl req -in /dev/stdin -inform DER -noout -text} or die;
         }
         $rd->close() or die "close: $!";
         $wd->print($csr);
@@ -842,8 +842,8 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
         # XXX would be nice to use X509_get_X509_PUBKEY and X509_REQ_get_X509_PUBKEY here,
         # or EVP_PKEY_cmp(), but unfortunately Net::SSLeay 1.88 doesn't support these
         my ($cert_pubkey, $csr_pubkey);
-        spawn({in => $cert, out => \$cert_pubkey}, qw/openssl x509 -inform PEM -noout -pubkey/);
-        spawn({in => $csr,  out => \$csr_pubkey }, qw/openssl req  -inform DER -noout -pubkey/);
+        spawn({in => $cert, out => \$cert_pubkey}, qw{openssl x509 -in /dev/stdin -inform PEM -noout -pubkey});
+        spawn({in => $csr,  out => \$csr_pubkey }, qw{openssl req  -in /dev/stdin -inform DER -noout -pubkey});
         unless (defined $cert_pubkey and defined $csr_pubkey and $cert_pubkey eq $csr_pubkey) {
             print STDERR "[$s] Error: Received bogus X.509 certificate from ACME server!\n";
             $rv = 1;
@@ -878,7 +878,7 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
         }
 
         my @certopts = join ',', qw/no_header no_version no_pubkey no_sigdump/;
-        open my $fh, '|-', qw/openssl x509 -noout -fingerprint -sha256 -text -certopt/, @certopts
+        open my $fh, '|-', qw{openssl x509 -in /dev/stdin -noout -fingerprint -sha256 -text -certopt}, @certopts
             or die "fork: $!";
         print $fh $cert;
         close $fh or die $! ?
@@ -909,14 +909,14 @@ elsif ($COMMAND eq 'revokeCert' or $COMMAND eq 'revoke-cert') {
         print STDERR "Revoking $filename\n";
 
         # conversion PEM -> DER
-        open my $fh, '-|', qw/openssl x509 -outform DER -in/, $filename or die "fork: $!";
+        open my $fh, '-|', qw{openssl x509 -in}, $filename, qw{-outform DER} or die "fork: $!";
         my $der = do { local $/ = undef; <$fh> };
         close $fh or die $! ?
             "close: $!" :
             "Error: x509(1ssl) exited with value ".($? >> 8)."\n";
 
         my @certopts = join ',', qw/no_header no_version no_pubkey no_sigdump no_extensions/;
-        open my $fh2, '|-', qw/openssl x509 -inform DER -noout -fingerprint -sha256 -text -certopt/, @certopts
+        open my $fh2, '|-', qw{openssl x509 -in /dev/stdin -inform DER -noout -fingerprint -sha256 -text -certopt}, @certopts
             or die "fork: $!";
         print $fh2 $der;
         close $fh2 or die $! ?