[openssl] master update
dev at ddvo.net
dev at ddvo.net
Mon Nov 8 06:48:18 UTC 2021
The branch master has been updated
via 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 (commit)
from 4ce64ed79d301939c7f2844a9e5e5fdd2033605f (commit)
- Log -----------------------------------------------------------------
commit 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Nov 3 18:41:07 2021 +0100
APPS/cmp: make the -sans option support email addresses (type rfc822Name)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16960)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 3 ++-
doc/man1/openssl-cmp.pod.in | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index b6e88e64f6..1c97075531 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -836,11 +836,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc)
continue;
}
- /* try IP address first, then URI or domain name */
+ /* try IP address first, then email/URI/domain name */
(void)ERR_set_mark();
n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0);
if (n == NULL)
n = a2i_GENERAL_NAME(NULL, NULL, NULL,
+ strchr(names, '@') != NULL ? GEN_EMAIL :
strchr(names, ':') != NULL ? GEN_URI : GEN_DNS,
names, 0);
(void)ERR_pop_to_mark();
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index b4c3c82255..58e9bd7dda 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -312,7 +312,8 @@ contained the given PKCS#10 CSR, overriding any extensions with same OIDs.
=item B<-sans> I<spec>
-One or more IP addresses, DNS names, or URIs separated by commas or whitespace
+One or more IP addresses, email addresses, DNS names, or URIs
+separated by commas or whitespace
(where in the latter case the whole argument must be enclosed in "...")
to add as Subject Alternative Name(s) (SAN) certificate request extension.
If the special element "critical" is given the SANs are flagged as critical.
More information about the openssl-commits
mailing list