> On May 24, 2018, at 3:21 PM, Salz, Rich via openssl-users <[hidden email]> wrote:
> In 1.1.0 and later, the flag takes a single parameter in name=value. Yes that’s strange, but it means that in the common case you don’t need to do any quoting:
> -header Host=ocsp.example.com
> From: openssl-users [mailto:[hidden email]] On Behalf Of Jordan Brown
> Sent: Thursday, May 24, 2018 23:08
> Subject: Re: [openssl-users] Proper syntax for -header host switch
> On 5/24/2018 11:44 AM, Ben Wilson wrote:
> > -header "Host" "ocsp.example.com"
> > -header 'Host' 'ocsp.example.com'
> > -header Host ocsp.example.com
> I don't know anything about the option, but I do know shell syntax. Those three variants are identical when
> presented to the shell.
True for standard Linux/UNIX shells; not necessarily true on other platforms.
The Windows cmd.exe interpreter, for example, does not perform dequoting or argument splitting - those are performed by the application, typically in the C startup code, and the Microsoft C startup code doesn't recognize the single-quote character.
Of course on Windows you have the option of using a UNIX shell such as bash, in which case you'll get the behavior Jordan describes. But it's not universal. For that matter, on Linux or UNIX a user could be running some oddball shell that doesn't support one of those quote characters - it'd be a strange thing to do, but it's possible. Or be running something like bash, but have IFS set to include the "." character.
The basic point is solid - those three variants may well be indistinguishable to the application (almost certainly if running on UNIX or Linux). But it's not 100% guaranteed.
Distinguished Engineer, Micro Focus