[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Paul I. Dale
pauli at openssl.org
Tue Sep 4 19:43:41 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via bfd752fe83c72f248a6905d971217e8a3e3a287d (commit)
from fe4de29d48d6f7125576a6f8ac73c5af5e832083 (commit)
- Log -----------------------------------------------------------------
commit bfd752fe83c72f248a6905d971217e8a3e3a287d
Author: Eric Curtin <ericcurtin17 at gmail.com>
Date: Mon Sep 3 15:23:37 2018 +0100
New openssl subject parser hard to debug
-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda at hpe.com'
was a valid subject in openssl 1.0. Error received in 1.1 is:
problems making Certificate Request
Not very informative, I only figured this out because I compiled the
code and added logging.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7098)
(cherry picked from commit 2167640b0bf76ec50a397dd90444b97c242e3f04)
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/apps/apps.c b/apps/apps.c
index d52201f..a162b16 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1707,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
char *work;
X509_NAME *n;
- if (*cp++ != '/')
+ if (*cp++ != '/') {
+ BIO_printf(bio_err,
+ "name is expected to be in the format "
+ "/type0=value0/type1=value1/type2=... where characters may "
+ "be escaped by \\. This name is not in that format: '%s'\n",
+ --cp);
return NULL;
+ }
n = X509_NAME_new();
if (n == NULL)
More information about the openssl-commits
mailing list