[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Apr 25 16:45:22 UTC 2017
The branch master has been updated
via b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9 (commit)
from 645c694d85c8f48c74e7db8730ead874656c781e (commit)
- Log -----------------------------------------------------------------
commit b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Tue Apr 25 12:25:42 2017 -0400
Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 30 ++++++++++++++++++++----------
apps/apps.h | 2 ++
apps/ca.c | 17 +++++++----------
apps/crl.c | 12 +++---------
apps/pkcs7.c | 2 +-
apps/req.c | 21 ++++++++-------------
apps/s_apps.h | 2 --
apps/s_cb.c | 16 +++++-----------
apps/s_client.c | 18 +++++++-----------
apps/s_server.c | 5 +----
apps/verify.c | 12 +++---------
apps/x509.c | 32 ++++++++++++--------------------
crypto/x509/t_crl.c | 12 ++++++++----
include/openssl/x509.h | 1 +
test/certs/cyrillic_crl.pem | 13 +++++++++++++
test/certs/cyrillic_crl.utf8 | 39 +++++++++++++++++++++++++++++++++++++++
test/recipes/25-test_crl.t | 12 +++++++++++-
util/libcrypto.num | 1 +
18 files changed, 142 insertions(+), 105 deletions(-)
create mode 100644 test/certs/cyrillic_crl.pem
create mode 100644 test/certs/cyrillic_crl.utf8
diff --git a/apps/apps.c b/apps/apps.c
index 216bc79..c66b89c 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -149,20 +149,30 @@ int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
#endif
-int dump_cert_text(BIO *out, X509 *x)
+static unsigned long nmflag = 0;
+static char nmflag_set = 0;
+
+int set_nameopt(const char *arg)
{
- char *p;
+ int ret = set_name_ex(&nmflag, arg);
+
+ if (ret)
+ nmflag_set = 1;
+
+ return ret;
+}
- p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
- BIO_puts(out, "subject=");
- BIO_puts(out, p);
- OPENSSL_free(p);
+unsigned long get_nameopt(void)
+{
+ return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+}
- p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
- BIO_puts(out, "\nissuer=");
- BIO_puts(out, p);
+int dump_cert_text(BIO *out, X509 *x)
+{
+ print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
+ BIO_puts(out, "\n");
+ print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
BIO_puts(out, "\n");
- OPENSSL_free(p);
return 0;
}
diff --git a/apps/apps.h b/apps/apps.h
index e7c860f..a8de2dc 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -400,6 +400,8 @@ void print_name(BIO *out, const char *title, X509_NAME *nm,
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
+int set_nameopt(const char *arg);
+unsigned long get_nameopt(void);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
diff --git a/apps/ca.c b/apps/ca.c
index 6a615ed..102ff87 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -258,7 +258,7 @@ int ca_main(int argc, char **argv)
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int i, j, selfsign = 0;
long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
- unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
+ unsigned long chtype = MBSTRING_ASC, certopt = 0;
X509 *x509 = NULL, *x509p = NULL, *x = NULL;
REVINFO_TYPE rev_type = REV_NONE;
X509_REVOKED *r = NULL;
@@ -569,14 +569,11 @@ end_of_options:
f = NCONF_get_string(conf, section, ENV_NAMEOPT);
if (f) {
- if (!set_name_ex(&nameopt, f)) {
+ if (!set_nameopt(f)) {
BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
goto end;
}
default_op = 0;
- } else {
- nameopt = XN_FLAG_ONELINE;
- ERR_clear_error();
}
f = NCONF_get_string(conf, section, ENV_CERTOPT);
@@ -866,7 +863,7 @@ end_of_options:
j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
attribs, db, serial, subj, chtype, multirdn,
email_dn, startdate, enddate, days, extensions,
- conf, verbose, certopt, nameopt, default_op,
+ conf, verbose, certopt, get_nameopt(), default_op,
ext_copy);
if (j < 0)
goto end;
@@ -891,7 +888,7 @@ end_of_options:
attribs,
db, serial, subj, chtype, multirdn, email_dn,
startdate, enddate, days, batch, extensions,
- conf, verbose, certopt, nameopt, default_op,
+ conf, verbose, certopt, get_nameopt(), default_op,
ext_copy);
if (j < 0)
goto end;
@@ -911,7 +908,7 @@ end_of_options:
j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
serial, subj, chtype, multirdn, email_dn, startdate,
enddate, days, batch, extensions, conf, verbose,
- certopt, nameopt, default_op, ext_copy, selfsign);
+ certopt, get_nameopt(), default_op, ext_copy, selfsign);
if (j < 0)
goto end;
if (j > 0) {
@@ -930,7 +927,7 @@ end_of_options:
j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
serial, subj, chtype, multirdn, email_dn, startdate,
enddate, days, batch, extensions, conf, verbose,
- certopt, nameopt, default_op, ext_copy, selfsign);
+ certopt, get_nameopt(), default_op, ext_copy, selfsign);
if (j < 0)
goto end;
if (j > 0) {
@@ -1272,7 +1269,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
goto end;
}
if (verbose)
- X509_REQ_print(bio_err, req);
+ X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);
BIO_printf(bio_err, "Check that the request matches the signature\n");
diff --git a/apps/crl.c b/apps/crl.c
index 3847faa..ce589bb 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -69,8 +69,6 @@ int crl_main(int argc, char **argv)
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
const EVP_MD *digest = EVP_sha1();
- unsigned long nmflag = 0;
- char nmflag_set = 0;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
@@ -169,8 +167,7 @@ int crl_main(int argc, char **argv)
badsig = 1;
break;
case OPT_NAMEOPT:
- nmflag_set = 1;
- if (!set_name_ex(&nmflag, opt_arg()))
+ if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_MD:
@@ -182,9 +179,6 @@ int crl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
x = load_crl(infile, informat);
if (x == NULL)
goto end;
@@ -260,7 +254,7 @@ int crl_main(int argc, char **argv)
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
- nmflag);
+ get_nameopt());
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
@@ -319,7 +313,7 @@ int crl_main(int argc, char **argv)
goto end;
if (text)
- X509_CRL_print(out, x);
+ X509_CRL_print_ex(out, x, get_nameopt());
if (noout) {
ret = 0;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 2268108..45e9c7d 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -163,7 +163,7 @@ int pkcs7_main(int argc, char **argv)
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
- X509_CRL_print(out, crl);
+ X509_CRL_print_ex(out, crl, get_nameopt());
if (!noout)
PEM_write_bio_X509_CRL(out, crl);
diff --git a/apps/req.c b/apps/req.c
index ddb0fdc..f1dba66 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -163,8 +163,7 @@ int req_main(int argc, char **argv)
int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
long newkey = -1;
- unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
- char nmflag_set = 0;
+ unsigned long chtype = MBSTRING_ASC, reqflag = 0;
#ifndef OPENSSL_NO_DES
cipher = EVP_des_ede3_cbc();
@@ -277,8 +276,7 @@ int req_main(int argc, char **argv)
chtype = MBSTRING_UTF8;
break;
case OPT_NAMEOPT:
- nmflag_set = 1;
- if (!set_name_ex(&nmflag, opt_arg()))
+ if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_REQOPT:
@@ -333,9 +331,6 @@ int req_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
/* TODO: simplify this as pkey is still always NULL here */
private = newreq && (pkey == NULL) ? 1 : 0;
@@ -695,7 +690,7 @@ int req_main(int argc, char **argv)
if (verbose) {
BIO_printf(bio_err, "Modifying Request's Subject\n");
print_name(bio_err, "old subject=",
- X509_REQ_get_subject_name(req), nmflag);
+ X509_REQ_get_subject_name(req), get_nameopt());
}
if (build_subject(req, subj, chtype, multirdn) == 0) {
@@ -706,7 +701,7 @@ int req_main(int argc, char **argv)
if (verbose) {
print_name(bio_err, "new subject=",
- X509_REQ_get_subject_name(req), nmflag);
+ X509_REQ_get_subject_name(req), get_nameopt());
}
}
@@ -755,18 +750,18 @@ int req_main(int argc, char **argv)
if (text) {
if (x509)
- X509_print_ex(out, x509ss, nmflag, reqflag);
+ X509_print_ex(out, x509ss, get_nameopt(), reqflag);
else
- X509_REQ_print_ex(out, req, nmflag, reqflag);
+ X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
}
if (subject) {
if (x509)
print_name(out, "subject=", X509_get_subject_name(x509ss),
- nmflag);
+ get_nameopt());
else
print_name(out, "subject=", X509_REQ_get_subject_name(req),
- nmflag);
+ get_nameopt());
}
if (modulus) {
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 38c6b67..07b5a7a 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -44,8 +44,6 @@ int should_retry(int i);
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
-int set_nameopt(const char *arg);
-
#ifdef HEADER_SSL_H
void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf,
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 1b68164..edbc2b8 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -33,12 +33,6 @@ static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
static int cookie_initialized = 0;
#endif
static BIO *bio_keylog = NULL;
-static unsigned long nmflag = XN_FLAG_ONELINE;
-
-int set_nameopt(const char *arg)
-{
- return set_name_ex(&nmflag, arg);
-}
static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
{
@@ -62,7 +56,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
if (err_cert) {
X509_NAME_print_ex(bio_err,
X509_get_subject_name(err_cert),
- 0, nmflag);
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
} else
BIO_puts(bio_err, "<no cert>\n");
@@ -83,7 +77,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
BIO_puts(bio_err, "issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
- 0, nmflag);
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -836,7 +830,7 @@ static int set_cert_cb(SSL *ssl, void *arg)
rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
- nmflag);
+ get_nameopt());
BIO_puts(bio_err, "\n");
print_chain_flags(ssl, rv);
if (rv & CERT_PKEY_VALID) {
@@ -1125,7 +1119,7 @@ void print_ssl_summary(SSL *s)
BIO_puts(bio_err, "Peer certificate: ");
X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
- 0, nmflag);
+ 0, get_nameopt());
BIO_puts(bio_err, "\n");
if (SSL_get_peer_signature_nid(s, &nid))
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
@@ -1440,7 +1434,7 @@ void print_ca_names(BIO *bio, SSL *s)
BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE);
+ X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
BIO_write(bio, "\n", 1);
}
}
diff --git a/apps/s_client.c b/apps/s_client.c
index 52b99ce..efdc8e3 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2849,7 +2849,6 @@ int s_client_main(int argc, char **argv)
static void print_stuff(BIO *bio, SSL *s, int full)
{
X509 *peer = NULL;
- char buf[BUFSIZ];
STACK_OF(X509) *sk;
const SSL_CIPHER *c;
int i;
@@ -2870,12 +2869,12 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) {
- X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
- buf, sizeof buf);
- BIO_printf(bio, "%2d s:%s\n", i, buf);
- X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
- buf, sizeof buf);
- BIO_printf(bio, " i:%s\n", buf);
+ BIO_printf(bio, "%2d s:", i);
+ X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt());
+ BIO_puts(bio, "\n");
+ BIO_printf(bio, " i:");
+ X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt());
+ BIO_puts(bio, "\n");
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
}
@@ -2889,10 +2888,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer);
- X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
- BIO_printf(bio, "subject=%s\n", buf);
- X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
- BIO_printf(bio, "issuer=%s\n", buf);
+ dump_cert_text(bio, peer);
} else {
BIO_printf(bio, "no peer certificate available\n");
}
diff --git a/apps/s_server.c b/apps/s_server.c
index d842fb8..4631663 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2728,10 +2728,7 @@ static void print_connection_info(SSL *con)
if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer);
- X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
- BIO_printf(bio_s_out, "subject=%s\n", buf);
- X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
- BIO_printf(bio_s_out, "issuer=%s\n", buf);
+ dump_cert_text(bio_s_out, peer);
X509_free(peer);
peer = NULL;
}
diff --git a/apps/verify.c b/apps/verify.c
index a4eb465..c31695c 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -22,7 +22,6 @@ static int check(X509_STORE *ctx, const char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0;
-static unsigned long nmflag = 0;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -70,7 +69,6 @@ int verify_main(int argc, char **argv)
const char *prog, *CApath = NULL, *CAfile = NULL;
int noCApath = 0, noCAfile = 0;
int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
- char nmflag_set = 0;
OPTION_CHOICE o;
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
@@ -153,8 +151,7 @@ int verify_main(int argc, char **argv)
show_chain = 1;
break;
case OPT_NAMEOPT:
- nmflag_set = 1;
- if (!set_name_ex(&nmflag, opt_arg()))
+ if (!set_nameopt(opt_arg()))
goto end;
break;
case OPT_VERBOSE:
@@ -171,9 +168,6 @@ int verify_main(int argc, char **argv)
goto end;
}
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, cb);
@@ -253,7 +247,7 @@ static int check(X509_STORE *ctx, const char *file,
printf("depth=%d: ", j);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(cert),
- 0, nmflag);
+ 0, get_nameopt());
if (j < num_untrusted)
printf(" (untrusted)");
printf("\n");
@@ -282,7 +276,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
if (current_cert) {
X509_NAME_print_ex(bio_err,
X509_get_subject_name(current_cert),
- 0, nmflag);
+ 0, get_nameopt());
BIO_printf(bio_err, "\n");
}
BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
diff --git a/apps/x509.c b/apps/x509.c
index 182cfb0..41d6e4a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -160,7 +160,7 @@ int x509_main(int argc, char **argv)
char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
- char buf[256], *prog;
+ char *prog;
int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0;
@@ -172,8 +172,7 @@ int x509_main(int argc, char **argv)
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
int enddate = 0;
time_t checkoffset = 0;
- unsigned long nmflag = 0, certflag = 0;
- char nmflag_set = 0;
+ unsigned long certflag = 0;
OPTION_CHOICE o;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_MD5
@@ -308,8 +307,7 @@ int x509_main(int argc, char **argv)
goto opthelp;
break;
case OPT_NAMEOPT:
- nmflag_set = 1;
- if (!set_name_ex(&nmflag, opt_arg()))
+ if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_ENGINE:
@@ -447,9 +445,6 @@ int x509_main(int argc, char **argv)
goto opthelp;
}
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
@@ -539,7 +534,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Signature ok\n");
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
- nmflag);
+ get_nameopt());
if ((x = X509_new()) == NULL)
goto end;
@@ -618,10 +613,10 @@ int x509_main(int argc, char **argv)
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
- print_name(out, "issuer=", X509_get_issuer_name(x), nmflag);
+ print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
} else if (subject == i) {
print_name(out, "subject=",
- X509_get_subject_name(x), nmflag);
+ X509_get_subject_name(x), get_nameopt());
} else if (serial == i) {
BIO_printf(out, "serial=");
i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
@@ -726,13 +721,10 @@ int x509_main(int argc, char **argv)
char *m;
int len;
- X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
- BIO_printf(out, "/*\n"
- " * Subject: %s\n", buf);
-
- X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
- BIO_printf(out, " * Issuer: %s\n"
- " */\n", buf);
+ print_name(out, "/*\n"
+ " * Subject: ", X509_get_subject_name(x), get_nameopt());
+ print_name(out, " * Issuer: ", X509_get_issuer_name(x), get_nameopt());
+ BIO_puts(out, " */\n");
len = i2d_X509(x, NULL);
m = app_malloc(len, "x509 name buffer");
@@ -747,7 +739,7 @@ int x509_main(int argc, char **argv)
print_array(out, "the_certificate", len, (unsigned char *)m);
OPENSSL_free(m);
} else if (text == i) {
- X509_print_ex(out, x, nmflag, certflag);
+ X509_print_ex(out, x, get_nameopt(), certflag);
} else if (startdate == i) {
BIO_puts(out, "notBefore=");
ASN1_TIME_print(out, X509_get0_notBefore(x));
@@ -828,7 +820,7 @@ int x509_main(int argc, char **argv)
goto end;
}
if (!noout) {
- X509_REQ_print(out, rq);
+ X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
PEM_write_bio_X509_REQ(out, rq);
}
noout = 1;
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index f3ca6db..3c073ff 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -34,13 +34,17 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
int X509_CRL_print(BIO *out, X509_CRL *x)
{
+ return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
const X509_ALGOR *sig_alg;
const ASN1_BIT_STRING *sig;
long l;
int i;
- char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
@@ -50,9 +54,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
X509_CRL_get0_signature(x, &sig, &sig_alg);
X509_signature_print(out, sig_alg, NULL);
- p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
- BIO_printf(out, "%8sIssuer: %s\n", "", p);
- OPENSSL_free(p);
+ BIO_printf(out, "%8sIssuer: ", "");
+ X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+ BIO_puts(out, "\n");
BIO_printf(out, "%8sLast Update: ", "");
ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", "");
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 49ad143..a6aabeb 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -773,6 +773,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
unsigned long cflag);
int X509_print(BIO *bp, X509 *x);
int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
int X509_CRL_print(BIO *bp, X509_CRL *x);
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
unsigned long cflag);
diff --git a/test/certs/cyrillic_crl.pem b/test/certs/cyrillic_crl.pem
new file mode 100644
index 0000000..5ba2b2c
--- /dev/null
+++ b/test/certs/cyrillic_crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/certs/cyrillic_crl.utf8 b/test/certs/cyrillic_crl.utf8
new file mode 100644
index 0000000..07dcf75
--- /dev/null
+++ b/test/certs/cyrillic_crl.utf8
@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+ Version 2 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=RU, ST=Москва, O=Я, OU=Я, CN=Дмитрий Белявский, emailAddress=beldmit at example.com
+ Last Update: Apr 24 13:25:31 2017 GMT
+ Next Update: May 24 13:25:31 2017 GMT
+ CRL extensions:
+ X509v3 CRL Number:
+ 1
+No Revoked Certificates.
+ Signature Algorithm: sha256WithRSAEncryption
+ 85:e5:e5:fe:d4:13:3f:07:1a:07:53:6f:f7:a5:01:c9:80:f4:
+ 8a:7a:f3:74:fc:af:dd:6a:21:47:88:99:7b:29:bf:46:0b:02:
+ 98:d7:80:75:46:f6:cd:da:b5:0f:ff:9f:0c:b7:e6:aa:8e:f6:
+ ae:7f:5c:81:ce:56:89:41:e2:4a:65:cb:02:98:6f:69:e9:3a:
+ f5:cb:40:49:5e:1a:ea:e6:40:b4:48:bc:8d:0e:c7:c6:51:37:
+ ee:c6:7c:26:a3:e7:25:1d:74:54:fa:02:ae:93:e8:74:5a:42:
+ 4b:d3:6d:99:61:b2:77:f3:0e:7c:f2:4e:0d:4f:70:96:54:77:
+ 84:db:71:03:0b:6e:b8:a7:de:36:9a:50:c4:ed:e9:fa:33:22:
+ f5:e7:63:de:2d:df:58:ad:68:aa:e6:23:88:3a:b2:1b:40:b1:
+ 2b:ab:41:23:c3:1b:c7:1b:db:0c:89:81:54:6b:a5:6b:c2:64:
+ 5f:db:a9:f2:67:bb:bd:44:a2:43:3f:ea:36:76:5b:70:76:20:
+ 5a:49:70:b7:42:dd:e9:67:c0:48:7e:ff:e5:f3:59:70:a7:c0:
+ eb:eb:74:b0:08:82:36:a4:84:69:97:22:02:75:0a:a6:5f:f6:
+ be:d6:af:24:4e:15:c8:3f:62:b1:f9:7e:3c:83:b5:44:da:8d:
+ 97:e1:c7:f2
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
index e8ce5f8..456accb 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@@ -15,10 +15,14 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_crl");
-plan tests => 5;
+plan tests => 7;
require_ok(srctop_file('test','recipes','tconversion.pl'));
+my $pem = srctop_file("test/certs", "cyrillic_crl.pem");
+my $out = "cyrillic_crl.out";
+my $utf = srctop_file("test/certs", "cyrillic_crl.utf8");
+
subtest 'crl conversions' => sub {
tconversion("crl", srctop_file("test","testcrl.pem"));
};
@@ -32,6 +36,12 @@ ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
srctop_file('test', 'testcrl.pem')],
'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
+ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out,
+ "-nameopt", "utf8"])));
+is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")),
+ 0, 'Comparing utf8 output');
+unlink $out;
+
sub compare1stline {
my ($cmdarray, $str) = @_;
my @lines = run(app($cmdarray), capture => 1);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 14c4c6a..9540d6f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4272,3 +4272,4 @@ ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO
ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CRYPTO_mem_leaks_cb 4216 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG
BIO_lookup_ex 4217 1_1_1 EXIST::FUNCTION:SOCK
+X509_CRL_print_ex 4218 1_1_1 EXIST::FUNCTION:
More information about the openssl-commits
mailing list