[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Tue Sep 21 12:10:04 UTC 2021
The branch master has been updated
via 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 (commit)
via 537976defe0775c016b9dbb36406bee1e96d0edb (commit)
via 7e399f03829aad161b52b9c433b8d349c5922739 (commit)
via 7a27bdbdce3d6d6548d5878a30aecc989fcab574 (commit)
via 86cfd132ffc4f6198cc640a29c293850c0a59914 (commit)
from dc18f036f161e1e49e1d001046716c77d1699e70 (commit)
- Log -----------------------------------------------------------------
commit 6923d261b819cdd5d9e0a72337da6d6a92cef2a2
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Fri Sep 17 17:49:39 2021 +0200
Update the default value for the -nameopt option - documentation
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16583)
commit 537976defe0775c016b9dbb36406bee1e96d0edb
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Fri Sep 17 17:47:55 2021 +0200
NEWS and CHANGES are updated about switching to utf8
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16583)
commit 7e399f03829aad161b52b9c433b8d349c5922739
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Mon Sep 13 19:24:24 2021 +0200
Tests adjustments for default output change
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16583)
commit 7a27bdbdce3d6d6548d5878a30aecc989fcab574
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Thu Sep 16 17:47:47 2021 +0200
Update gost-engine to match new default nameopt
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16583)
commit 86cfd132ffc4f6198cc640a29c293850c0a59914
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Sat Sep 11 13:56:28 2021 +0200
Use -nameopt utf8 by default
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16583)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 5 ++++-
NEWS.md | 5 +++--
apps/lib/apps.c | 2 +-
doc/man1/openssl-namedisplay-options.pod | 2 +-
gost-engine | 2 +-
test/recipes/25-test_rusext.t | 6 +++++-
test/recipes/80-test_pkcs12.t | 2 +-
7 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 58dffb15ef..c9d3825eec 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,7 +24,10 @@ OpenSSL 3.1
### Changes between 3.0 and 3.1 [xx XXX xxxx]
- *
+ * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
+ by default.
+
+ *Dmitry Belyavskiy*
OpenSSL 3.0
-----------
diff --git a/NEWS.md b/NEWS.md
index 7cf0d8a7b7..720cec7330 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -21,12 +21,13 @@ OpenSSL 3.1
### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development]
- *
+ * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
+ by default.
OpenSSL 3.0
-----------
-### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
+### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0
* Enhanced 'openssl list' with many new options.
* Added migration guide to man7.
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 43c01401e8..6fe99422b9 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -197,7 +197,7 @@ int set_nameopt(const char *arg)
unsigned long get_nameopt(void)
{
- return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+ return (nmflag_set) ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT;
}
void dump_cert_text(BIO *out, X509 *x)
diff --git a/doc/man1/openssl-namedisplay-options.pod b/doc/man1/openssl-namedisplay-options.pod
index ff6ed1f4b4..a12f4dbf66 100644
--- a/doc/man1/openssl-namedisplay-options.pod
+++ b/doc/man1/openssl-namedisplay-options.pod
@@ -18,7 +18,7 @@ displayed.
This is specified by using the B<-nameopt> option, which takes a
comma-separated list of options from the following set.
An option may be preceded by a minus sign, C<->, to turn it off.
-The default value is C<oneline>.
+The default value is C<utf8,sep_comma_plus_space>.
The first four are the most commonly used.
=head1 OPTIONS
diff --git a/gost-engine b/gost-engine
index 62583fb222..9869058423 160000
--- a/gost-engine
+++ b/gost-engine
@@ -1 +1 @@
-Subproject commit 62583fb222ec89ff4f6aa3d18b91ed3e64ed5cea
+Subproject commit 986905842330e4a54e61334eb508fe3147c43e38
diff --git a/test/recipes/25-test_rusext.t b/test/recipes/25-test_rusext.t
index 05727f9d04..6c02ed1ba2 100644
--- a/test/recipes/25-test_rusext.t
+++ b/test/recipes/25-test_rusext.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_rusext");
-plan tests => 5;
+plan tests => 7;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
my $pem = srctop_file("test/certs", "grfc.pem");
@@ -31,3 +31,7 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
"-nameopt", "utf8", "-certopt", "no_pubkey"])));
is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
0, 'Comparing utf8 output');
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
+ "-certopt", "no_pubkey"])));
+is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
+ 0, 'Comparing cyrillic utf8 output by default');
diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index 1f0cb4d501..759cc57118 100644
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -143,7 +143,7 @@ my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
"-passin", "pass:"]), capture => 1);
# Test that with one input certificate, we get one output certificate
-ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
+ok(grep(/subject=CN\s*=\s*server.example/, @pkcs12info) == 1,
"test one cert in output");
# Test that the expected friendly name is present in the output
ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
More information about the openssl-commits
mailing list