[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue Apr 25 16:45:22 UTC 2017


The branch master has been updated
       via  b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9 (commit)
      from  645c694d85c8f48c74e7db8730ead874656c781e (commit)


- Log -----------------------------------------------------------------
commit b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date:   Tue Apr 25 12:25:42 2017 -0400

    Switch command-line utils to new nameopt API.
    
    The CA names should be printed according to user's decision
    print_name instead of set of BIO_printf
    dump_cert_text instead of set of BIO_printf
    Testing cyrillic output of X509_CRL_print_ex
    Write and use X509_CRL_print_ex
    Reduce usage of X509_NAME_online
    Using X509_REQ_print_ex instead of X509_REQ_print
    Fix nameopt processing.
    Make dump_cert_text nameopt-friendly
    Move nameopt getter/setter to apps/apps.c
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3262)

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.c                  | 30 ++++++++++++++++++++----------
 apps/apps.h                  |  2 ++
 apps/ca.c                    | 17 +++++++----------
 apps/crl.c                   | 12 +++---------
 apps/pkcs7.c                 |  2 +-
 apps/req.c                   | 21 ++++++++-------------
 apps/s_apps.h                |  2 --
 apps/s_cb.c                  | 16 +++++-----------
 apps/s_client.c              | 18 +++++++-----------
 apps/s_server.c              |  5 +----
 apps/verify.c                | 12 +++---------
 apps/x509.c                  | 32 ++++++++++++--------------------
 crypto/x509/t_crl.c          | 12 ++++++++----
 include/openssl/x509.h       |  1 +
 test/certs/cyrillic_crl.pem  | 13 +++++++++++++
 test/certs/cyrillic_crl.utf8 | 39 +++++++++++++++++++++++++++++++++++++++
 test/recipes/25-test_crl.t   | 12 +++++++++++-
 util/libcrypto.num           |  1 +
 18 files changed, 142 insertions(+), 105 deletions(-)
 create mode 100644 test/certs/cyrillic_crl.pem
 create mode 100644 test/certs/cyrillic_crl.utf8

diff --git a/apps/apps.c b/apps/apps.c
index 216bc79..c66b89c 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -149,20 +149,30 @@ int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
 
 #endif
 
-int dump_cert_text(BIO *out, X509 *x)
+static unsigned long nmflag = 0;
+static char nmflag_set = 0;
+
+int set_nameopt(const char *arg)
 {
-    char *p;
+    int ret = set_name_ex(&nmflag, arg);
+
+    if (ret)
+        nmflag_set = 1;
+
+    return ret;
+}
 
-    p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
-    BIO_puts(out, "subject=");
-    BIO_puts(out, p);
-    OPENSSL_free(p);
+unsigned long get_nameopt(void)
+{
+    return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+}
 
-    p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
-    BIO_puts(out, "\nissuer=");
-    BIO_puts(out, p);
+int dump_cert_text(BIO *out, X509 *x)
+{
+    print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
+    BIO_puts(out, "\n");
+    print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
     BIO_puts(out, "\n");
-    OPENSSL_free(p);
 
     return 0;
 }
diff --git a/apps/apps.h b/apps/apps.h
index e7c860f..a8de2dc 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -400,6 +400,8 @@ void print_name(BIO *out, const char *title, X509_NAME *nm,
 void print_bignum_var(BIO *, const BIGNUM *, const char*,
                       int, unsigned char *);
 void print_array(BIO *, const char *, int, const unsigned char *);
+int set_nameopt(const char *arg);
+unsigned long get_nameopt(void);
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int set_ext_copy(int *copy_type, const char *arg);
diff --git a/apps/ca.c b/apps/ca.c
index 6a615ed..102ff87 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -258,7 +258,7 @@ int ca_main(int argc, char **argv)
     int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
     int i, j, selfsign = 0;
     long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
-    unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
+    unsigned long chtype = MBSTRING_ASC, certopt = 0;
     X509 *x509 = NULL, *x509p = NULL, *x = NULL;
     REVINFO_TYPE rev_type = REV_NONE;
     X509_REVOKED *r = NULL;
@@ -569,14 +569,11 @@ end_of_options:
     f = NCONF_get_string(conf, section, ENV_NAMEOPT);
 
     if (f) {
-        if (!set_name_ex(&nameopt, f)) {
+        if (!set_nameopt(f)) {
             BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
             goto end;
         }
         default_op = 0;
-    } else {
-        nameopt = XN_FLAG_ONELINE;
-        ERR_clear_error();
     }
 
     f = NCONF_get_string(conf, section, ENV_CERTOPT);
@@ -866,7 +863,7 @@ end_of_options:
             j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
                               attribs, db, serial, subj, chtype, multirdn,
                               email_dn, startdate, enddate, days, extensions,
-                              conf, verbose, certopt, nameopt, default_op,
+                              conf, verbose, certopt, get_nameopt(), default_op,
                               ext_copy);
             if (j < 0)
                 goto end;
@@ -891,7 +888,7 @@ end_of_options:
                              attribs,
                              db, serial, subj, chtype, multirdn, email_dn,
                              startdate, enddate, days, batch, extensions,
-                             conf, verbose, certopt, nameopt, default_op,
+                             conf, verbose, certopt, get_nameopt(), default_op,
                              ext_copy);
             if (j < 0)
                 goto end;
@@ -911,7 +908,7 @@ end_of_options:
             j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
                         serial, subj, chtype, multirdn, email_dn, startdate,
                         enddate, days, batch, extensions, conf, verbose,
-                        certopt, nameopt, default_op, ext_copy, selfsign);
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
             if (j < 0)
                 goto end;
             if (j > 0) {
@@ -930,7 +927,7 @@ end_of_options:
             j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
                         serial, subj, chtype, multirdn, email_dn, startdate,
                         enddate, days, batch, extensions, conf, verbose,
-                        certopt, nameopt, default_op, ext_copy, selfsign);
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
             if (j < 0)
                 goto end;
             if (j > 0) {
@@ -1272,7 +1269,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
         goto end;
     }
     if (verbose)
-        X509_REQ_print(bio_err, req);
+        X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);
 
     BIO_printf(bio_err, "Check that the request matches the signature\n");
 
diff --git a/apps/crl.c b/apps/crl.c
index 3847faa..ce589bb 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -69,8 +69,6 @@ int crl_main(int argc, char **argv)
     X509_OBJECT *xobj = NULL;
     EVP_PKEY *pkey;
     const EVP_MD *digest = EVP_sha1();
-    unsigned long nmflag = 0;
-    char nmflag_set = 0;
     char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
     const char *CAfile = NULL, *CApath = NULL, *prog;
     OPTION_CHOICE o;
@@ -169,8 +167,7 @@ int crl_main(int argc, char **argv)
             badsig = 1;
             break;
         case OPT_NAMEOPT:
-            nmflag_set = 1;
-            if (!set_name_ex(&nmflag, opt_arg()))
+            if (!set_nameopt(opt_arg()))
                 goto opthelp;
             break;
         case OPT_MD:
@@ -182,9 +179,6 @@ int crl_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
-    if (!nmflag_set)
-        nmflag = XN_FLAG_ONELINE;
-
     x = load_crl(infile, informat);
     if (x == NULL)
         goto end;
@@ -260,7 +254,7 @@ int crl_main(int argc, char **argv)
         for (i = 1; i <= num; i++) {
             if (issuer == i) {
                 print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
-                           nmflag);
+                           get_nameopt());
             }
             if (crlnumber == i) {
                 ASN1_INTEGER *crlnum;
@@ -319,7 +313,7 @@ int crl_main(int argc, char **argv)
         goto end;
 
     if (text)
-        X509_CRL_print(out, x);
+        X509_CRL_print_ex(out, x, get_nameopt());
 
     if (noout) {
         ret = 0;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 2268108..45e9c7d 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -163,7 +163,7 @@ int pkcs7_main(int argc, char **argv)
             for (i = 0; i < sk_X509_CRL_num(crls); i++) {
                 crl = sk_X509_CRL_value(crls, i);
 
-                X509_CRL_print(out, crl);
+                X509_CRL_print_ex(out, crl, get_nameopt());
 
                 if (!noout)
                     PEM_write_bio_X509_CRL(out, crl);
diff --git a/apps/req.c b/apps/req.c
index ddb0fdc..f1dba66 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -163,8 +163,7 @@ int req_main(int argc, char **argv)
     int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
     int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
     long newkey = -1;
-    unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
-    char nmflag_set = 0;
+    unsigned long chtype = MBSTRING_ASC, reqflag = 0;
 
 #ifndef OPENSSL_NO_DES
     cipher = EVP_des_ede3_cbc();
@@ -277,8 +276,7 @@ int req_main(int argc, char **argv)
             chtype = MBSTRING_UTF8;
             break;
         case OPT_NAMEOPT:
-            nmflag_set = 1;
-            if (!set_name_ex(&nmflag, opt_arg()))
+            if (!set_nameopt(opt_arg()))
                 goto opthelp;
             break;
         case OPT_REQOPT:
@@ -333,9 +331,6 @@ int req_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
-    if (!nmflag_set)
-        nmflag = XN_FLAG_ONELINE;
-
     /* TODO: simplify this as pkey is still always NULL here */
     private = newreq && (pkey == NULL) ? 1 : 0;
 
@@ -695,7 +690,7 @@ int req_main(int argc, char **argv)
         if (verbose) {
             BIO_printf(bio_err, "Modifying Request's Subject\n");
             print_name(bio_err, "old subject=",
-                       X509_REQ_get_subject_name(req), nmflag);
+                       X509_REQ_get_subject_name(req), get_nameopt());
         }
 
         if (build_subject(req, subj, chtype, multirdn) == 0) {
@@ -706,7 +701,7 @@ int req_main(int argc, char **argv)
 
         if (verbose) {
             print_name(bio_err, "new subject=",
-                       X509_REQ_get_subject_name(req), nmflag);
+                       X509_REQ_get_subject_name(req), get_nameopt());
         }
     }
 
@@ -755,18 +750,18 @@ int req_main(int argc, char **argv)
 
     if (text) {
         if (x509)
-            X509_print_ex(out, x509ss, nmflag, reqflag);
+            X509_print_ex(out, x509ss, get_nameopt(), reqflag);
         else
-            X509_REQ_print_ex(out, req, nmflag, reqflag);
+            X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
     }
 
     if (subject) {
         if (x509)
             print_name(out, "subject=", X509_get_subject_name(x509ss),
-                       nmflag);
+                       get_nameopt());
         else
             print_name(out, "subject=", X509_REQ_get_subject_name(req),
-                       nmflag);
+                       get_nameopt());
     }
 
     if (modulus) {
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 38c6b67..07b5a7a 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -44,8 +44,6 @@ int should_retry(int i);
 long bio_dump_callback(BIO *bio, int cmd, const char *argp,
                        int argi, long argl, long ret);
 
-int set_nameopt(const char *arg);
-
 #ifdef HEADER_SSL_H
 void apps_ssl_info_callback(const SSL *s, int where, int ret);
 void msg_cb(int write_p, int version, int content_type, const void *buf,
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 1b68164..edbc2b8 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -33,12 +33,6 @@ static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
 static int cookie_initialized = 0;
 #endif
 static BIO *bio_keylog = NULL;
-static unsigned long nmflag = XN_FLAG_ONELINE;
-
-int set_nameopt(const char *arg)
-{
-  return set_name_ex(&nmflag, arg);
-}
 
 static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
 {
@@ -62,7 +56,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
         if (err_cert) {
             X509_NAME_print_ex(bio_err,
                                X509_get_subject_name(err_cert),
-                               0, nmflag);
+                               0, get_nameopt());
             BIO_puts(bio_err, "\n");
         } else
             BIO_puts(bio_err, "<no cert>\n");
@@ -83,7 +77,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
         BIO_puts(bio_err, "issuer= ");
         X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-                           0, nmflag);
+                           0, get_nameopt());
         BIO_puts(bio_err, "\n");
         break;
     case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -836,7 +830,7 @@ static int set_cert_cb(SSL *ssl, void *arg)
         rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
         BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
         X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
-                           nmflag);
+                           get_nameopt());
         BIO_puts(bio_err, "\n");
         print_chain_flags(ssl, rv);
         if (rv & CERT_PKEY_VALID) {
@@ -1125,7 +1119,7 @@ void print_ssl_summary(SSL *s)
 
         BIO_puts(bio_err, "Peer certificate: ");
         X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
-                           0, nmflag);
+                           0, get_nameopt());
         BIO_puts(bio_err, "\n");
         if (SSL_get_peer_signature_nid(s, &nid))
             BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
@@ -1440,7 +1434,7 @@ void print_ca_names(BIO *bio, SSL *s)
 
     BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
     for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-        X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE);
+        X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
         BIO_write(bio, "\n", 1);
     }
 }
diff --git a/apps/s_client.c b/apps/s_client.c
index 52b99ce..efdc8e3 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2849,7 +2849,6 @@ int s_client_main(int argc, char **argv)
 static void print_stuff(BIO *bio, SSL *s, int full)
 {
     X509 *peer = NULL;
-    char buf[BUFSIZ];
     STACK_OF(X509) *sk;
     const SSL_CIPHER *c;
     int i;
@@ -2870,12 +2869,12 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 
             BIO_printf(bio, "---\nCertificate chain\n");
             for (i = 0; i < sk_X509_num(sk); i++) {
-                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
-                                  buf, sizeof buf);
-                BIO_printf(bio, "%2d s:%s\n", i, buf);
-                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
-                                  buf, sizeof buf);
-                BIO_printf(bio, "   i:%s\n", buf);
+                BIO_printf(bio, "%2d s:", i);
+                X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
+                BIO_printf(bio, "   i:");
+                X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
                 if (c_showcerts)
                     PEM_write_bio_X509(bio, sk_X509_value(sk, i));
             }
@@ -2889,10 +2888,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
             /* Redundant if we showed the whole chain */
             if (!(c_showcerts && got_a_chain))
                 PEM_write_bio_X509(bio, peer);
-            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
-            BIO_printf(bio, "subject=%s\n", buf);
-            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
-            BIO_printf(bio, "issuer=%s\n", buf);
+            dump_cert_text(bio, peer);
         } else {
             BIO_printf(bio, "no peer certificate available\n");
         }
diff --git a/apps/s_server.c b/apps/s_server.c
index d842fb8..4631663 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2728,10 +2728,7 @@ static void print_connection_info(SSL *con)
     if (peer != NULL) {
         BIO_printf(bio_s_out, "Client certificate\n");
         PEM_write_bio_X509(bio_s_out, peer);
-        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
-        BIO_printf(bio_s_out, "subject=%s\n", buf);
-        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
-        BIO_printf(bio_s_out, "issuer=%s\n", buf);
+        dump_cert_text(bio_s_out, peer);
         X509_free(peer);
         peer = NULL;
     }
diff --git a/apps/verify.c b/apps/verify.c
index a4eb465..c31695c 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -22,7 +22,6 @@ static int check(X509_STORE *ctx, const char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
                  STACK_OF(X509_CRL) *crls, int show_chain);
 static int v_verbose = 0, vflags = 0;
-static unsigned long nmflag = 0;
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -70,7 +69,6 @@ int verify_main(int argc, char **argv)
     const char *prog, *CApath = NULL, *CAfile = NULL;
     int noCApath = 0, noCAfile = 0;
     int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
-    char nmflag_set = 0;
     OPTION_CHOICE o;
 
     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
@@ -153,8 +151,7 @@ int verify_main(int argc, char **argv)
             show_chain = 1;
             break;
         case OPT_NAMEOPT:
-            nmflag_set = 1;
-            if (!set_name_ex(&nmflag, opt_arg()))
+            if (!set_nameopt(opt_arg()))
                 goto end;
             break;
         case OPT_VERBOSE:
@@ -171,9 +168,6 @@ int verify_main(int argc, char **argv)
         goto end;
     }
 
-    if (!nmflag_set)
-        nmflag = XN_FLAG_ONELINE;
-
     if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
         goto end;
     X509_STORE_set_verify_cb(store, cb);
@@ -253,7 +247,7 @@ static int check(X509_STORE *ctx, const char *file,
                 printf("depth=%d: ", j);
                 X509_NAME_print_ex_fp(stdout,
                                       X509_get_subject_name(cert),
-                                      0, nmflag);
+                                      0, get_nameopt());
                 if (j < num_untrusted)
                     printf(" (untrusted)");
                 printf("\n");
@@ -282,7 +276,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
         if (current_cert) {
             X509_NAME_print_ex(bio_err,
                             X509_get_subject_name(current_cert),
-                            0, nmflag);
+                            0, get_nameopt());
             BIO_printf(bio_err, "\n");
         }
         BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
diff --git a/apps/x509.c b/apps/x509.c
index 182cfb0..41d6e4a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -160,7 +160,7 @@ int x509_main(int argc, char **argv)
     char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
     char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
     char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
-    char buf[256], *prog;
+    char *prog;
     int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
     int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
     int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0;
@@ -172,8 +172,7 @@ int x509_main(int argc, char **argv)
     int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
     int enddate = 0;
     time_t checkoffset = 0;
-    unsigned long nmflag = 0, certflag = 0;
-    char nmflag_set = 0;
+    unsigned long certflag = 0;
     OPTION_CHOICE o;
     ENGINE *e = NULL;
 #ifndef OPENSSL_NO_MD5
@@ -308,8 +307,7 @@ int x509_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_NAMEOPT:
-            nmflag_set = 1;
-            if (!set_name_ex(&nmflag, opt_arg()))
+            if (!set_nameopt(opt_arg()))
                 goto opthelp;
             break;
         case OPT_ENGINE:
@@ -447,9 +445,6 @@ int x509_main(int argc, char **argv)
         goto opthelp;
     }
 
-    if (!nmflag_set)
-        nmflag = XN_FLAG_ONELINE;
-
     out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)
         goto end;
@@ -539,7 +534,7 @@ int x509_main(int argc, char **argv)
             BIO_printf(bio_err, "Signature ok\n");
 
         print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
-                   nmflag);
+                   get_nameopt());
 
         if ((x = X509_new()) == NULL)
             goto end;
@@ -618,10 +613,10 @@ int x509_main(int argc, char **argv)
     if (num) {
         for (i = 1; i <= num; i++) {
             if (issuer == i) {
-                print_name(out, "issuer=", X509_get_issuer_name(x), nmflag);
+                print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
             } else if (subject == i) {
                 print_name(out, "subject=",
-                           X509_get_subject_name(x), nmflag);
+                           X509_get_subject_name(x), get_nameopt());
             } else if (serial == i) {
                 BIO_printf(out, "serial=");
                 i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
@@ -726,13 +721,10 @@ int x509_main(int argc, char **argv)
                 char *m;
                 int len;
 
-                X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
-                BIO_printf(out, "/*\n"
-                                " * Subject: %s\n", buf);
-
-                X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
-                BIO_printf(out, " * Issuer:  %s\n"
-                                " */\n", buf);
+                print_name(out, "/*\n"
+                                " * Subject: ", X509_get_subject_name(x), get_nameopt());
+                print_name(out, " * Issuer:  ", X509_get_issuer_name(x), get_nameopt());
+                BIO_puts(out, " */\n");
 
                 len = i2d_X509(x, NULL);
                 m = app_malloc(len, "x509 name buffer");
@@ -747,7 +739,7 @@ int x509_main(int argc, char **argv)
                 print_array(out, "the_certificate", len, (unsigned char *)m);
                 OPENSSL_free(m);
             } else if (text == i) {
-                X509_print_ex(out, x, nmflag, certflag);
+                X509_print_ex(out, x, get_nameopt(), certflag);
             } else if (startdate == i) {
                 BIO_puts(out, "notBefore=");
                 ASN1_TIME_print(out, X509_get0_notBefore(x));
@@ -828,7 +820,7 @@ int x509_main(int argc, char **argv)
                     goto end;
                 }
                 if (!noout) {
-                    X509_REQ_print(out, rq);
+                    X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
                     PEM_write_bio_X509_REQ(out, rq);
                 }
                 noout = 1;
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index f3ca6db..3c073ff 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -34,13 +34,17 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
+  return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
     STACK_OF(X509_REVOKED) *rev;
     X509_REVOKED *r;
     const X509_ALGOR *sig_alg;
     const ASN1_BIT_STRING *sig;
     long l;
     int i;
-    char *p;
 
     BIO_printf(out, "Certificate Revocation List (CRL):\n");
     l = X509_CRL_get_version(x);
@@ -50,9 +54,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
         BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
     X509_CRL_get0_signature(x, &sig, &sig_alg);
     X509_signature_print(out, sig_alg, NULL);
-    p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
-    BIO_printf(out, "%8sIssuer: %s\n", "", p);
-    OPENSSL_free(p);
+    BIO_printf(out, "%8sIssuer: ", "");
+    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+    BIO_puts(out, "\n");
     BIO_printf(out, "%8sLast Update: ", "");
     ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
     BIO_printf(out, "\n%8sNext Update: ", "");
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 49ad143..a6aabeb 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -773,6 +773,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
                   unsigned long cflag);
 int X509_print(BIO *bp, X509 *x);
 int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
 int X509_CRL_print(BIO *bp, X509_CRL *x);
 int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
                       unsigned long cflag);
diff --git a/test/certs/cyrillic_crl.pem b/test/certs/cyrillic_crl.pem
new file mode 100644
index 0000000..5ba2b2c
--- /dev/null
+++ b/test/certs/cyrillic_crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/certs/cyrillic_crl.utf8 b/test/certs/cyrillic_crl.utf8
new file mode 100644
index 0000000..07dcf75
--- /dev/null
+++ b/test/certs/cyrillic_crl.utf8
@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=RU, ST=Москва, O=Я, OU=Я, CN=Дмитрий Белявский, emailAddress=beldmit at example.com
+        Last Update: Apr 24 13:25:31 2017 GMT
+        Next Update: May 24 13:25:31 2017 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                1
+No Revoked Certificates.
+    Signature Algorithm: sha256WithRSAEncryption
+         85:e5:e5:fe:d4:13:3f:07:1a:07:53:6f:f7:a5:01:c9:80:f4:
+         8a:7a:f3:74:fc:af:dd:6a:21:47:88:99:7b:29:bf:46:0b:02:
+         98:d7:80:75:46:f6:cd:da:b5:0f:ff:9f:0c:b7:e6:aa:8e:f6:
+         ae:7f:5c:81:ce:56:89:41:e2:4a:65:cb:02:98:6f:69:e9:3a:
+         f5:cb:40:49:5e:1a:ea:e6:40:b4:48:bc:8d:0e:c7:c6:51:37:
+         ee:c6:7c:26:a3:e7:25:1d:74:54:fa:02:ae:93:e8:74:5a:42:
+         4b:d3:6d:99:61:b2:77:f3:0e:7c:f2:4e:0d:4f:70:96:54:77:
+         84:db:71:03:0b:6e:b8:a7:de:36:9a:50:c4:ed:e9:fa:33:22:
+         f5:e7:63:de:2d:df:58:ad:68:aa:e6:23:88:3a:b2:1b:40:b1:
+         2b:ab:41:23:c3:1b:c7:1b:db:0c:89:81:54:6b:a5:6b:c2:64:
+         5f:db:a9:f2:67:bb:bd:44:a2:43:3f:ea:36:76:5b:70:76:20:
+         5a:49:70:b7:42:dd:e9:67:c0:48:7e:ff:e5:f3:59:70:a7:c0:
+         eb:eb:74:b0:08:82:36:a4:84:69:97:22:02:75:0a:a6:5f:f6:
+         be:d6:af:24:4e:15:c8:3f:62:b1:f9:7e:3c:83:b5:44:da:8d:
+         97:e1:c7:f2
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
index e8ce5f8..456accb 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
@@ -15,10 +15,14 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_crl");
 
-plan tests => 5;
+plan tests => 7;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
+my $pem = srctop_file("test/certs", "cyrillic_crl.pem");
+my $out = "cyrillic_crl.out";
+my $utf = srctop_file("test/certs", "cyrillic_crl.utf8");
+
 subtest 'crl conversions' => sub {
     tconversion("crl", srctop_file("test","testcrl.pem"));
 };
@@ -32,6 +36,12 @@ ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
                    srctop_file('test', 'testcrl.pem')],
                   'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
 
+ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out,
+            "-nameopt", "utf8"])));
+is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")),
+   0, 'Comparing utf8 output');
+unlink $out;
+
 sub compare1stline {
     my ($cmdarray, $str) = @_;
     my @lines = run(app($cmdarray), capture => 1);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 14c4c6a..9540d6f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4272,3 +4272,4 @@ ZINT64_it                               4215	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTIO
 ZINT64_it                               4215	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 CRYPTO_mem_leaks_cb                     4216	1_1_1	EXIST::FUNCTION:CRYPTO_MDEBUG
 BIO_lookup_ex                           4217	1_1_1	EXIST::FUNCTION:SOCK
+X509_CRL_print_ex                       4218	1_1_1	EXIST::FUNCTION:


More information about the openssl-commits mailing list