[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Feb 24 00:21:17 UTC 2022 

The branch master has been updated
       via  632e8be2b570959dc3781c6956171e7e49f1aa58 (commit)
      from  42659159f4d4a8c16a0e9b089d40a5831b60cbb6 (commit)


- Log -----------------------------------------------------------------
commit 632e8be2b570959dc3781c6956171e7e49f1aa58
Author: Raul Ferrando <rferrandop at protonmail.com>
Date:   Tue Feb 15 16:02:41 2022 +0100

    Add -quiet option to pkcs7 for -print_certs
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17708)

-----------------------------------------------------------------------

Summary of changes:
 apps/pkcs7.c                                              | 13 +++++++++----
 doc/man1/openssl-pkcs7.pod.in                             |  6 ++++++
 test/recipes/25-test_pkcs7.t                              | 15 ++++++++++++++-
 .../grfc.pem => recipes/25-test_pkcs7_data/grfc.out}      |  1 +
 4 files changed, 30 insertions(+), 5 deletions(-)
 copy test/{certs/grfc.pem => recipes/25-test_pkcs7_data/grfc.out} (99%)

diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index ac2dec152a..a95ea25377 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -23,8 +23,8 @@
 typedef enum OPTION_choice {
     OPT_COMMON,
     OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
-    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE,
-    OPT_PROV_ENUM
+    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET,
+    OPT_ENGINE, OPT_PROV_ENUM
 } OPTION_CHOICE;
 
 const OPTIONS pkcs7_options[] = {
@@ -46,6 +46,8 @@ const OPTIONS pkcs7_options[] = {
     {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
     {"print_certs", OPT_PRINT_CERTS, '-',
      "Print_certs  print any certs or crl in the input"},
+    {"quiet", OPT_QUIET, '-',
+     "When used with -print_certs, it produces a cleaner output"},
 
     OPT_PROV_OPTIONS,
     {NULL}
@@ -58,7 +60,7 @@ int pkcs7_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM;
     char *infile = NULL, *outfile = NULL, *prog;
-    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
+    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, quiet = 0, ret = 1;
     OPTION_CHOICE o;
     OSSL_LIB_CTX *libctx = app_get0_libctx();
 
@@ -100,6 +102,9 @@ int pkcs7_main(int argc, char **argv)
         case OPT_PRINT_CERTS:
             print_certs = 1;
             break;
+        case OPT_QUIET:
+            quiet = 1;
+            break;
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
@@ -171,7 +176,7 @@ int pkcs7_main(int argc, char **argv)
                 x = sk_X509_value(certs, i);
                 if (text)
                     X509_print(out, x);
-                else
+                else if (!quiet)
                     dump_cert_text(out, x);
 
                 if (!noout)
diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in
index efd772d1d4..eeb5c356f0 100644
--- a/doc/man1/openssl-pkcs7.pod.in
+++ b/doc/man1/openssl-pkcs7.pod.in
@@ -19,6 +19,7 @@ B<openssl> B<pkcs7>
 [B<-out> I<filename>]
 [B<-print>]
 [B<-print_certs>]
+[B<-quiet>]
 [B<-text>]
 [B<-noout>]
 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
@@ -63,6 +64,11 @@ Print out the full PKCS7 object.
 Prints out any certificates or CRLs contained in the file. They are
 preceded by their subject and issuer names in one line format.
 
+=item B<-quiet>
+
+When used with -print_certs, prints out just the PEM-encoded 
+certificates without any other output. 
+
 =item B<-text>
 
 Prints out certificate details in full rather than just subject and
diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
index 37cd43dc6b..2905fe8fe0 100644
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_pkcs7");
 
-plan tests => 3;
+plan tests => 6;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
+my @path = qw(test certs);
+my $pemfile = "grfc.pem";
+my $p7file = "grfc.p7b";
+my $out = "grfc.out";
+
 subtest 'pkcs7 conversions -- pkcs7' => sub {
     tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"),
                  -args => ["pkcs7"] );
@@ -27,3 +32,11 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
     tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
                  -args => ["pkcs7"] );
 };
+ok(run(app(["openssl", "crl2pkcs7", "-nocrl",
+            "-certfile", srctop_file(@path, $pemfile),
+            "-out", $p7file])));
+ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet",
+            "-in", $p7file,
+            "-out", $out])));
+is(cmp_text($out, srctop_file('test', 'recipes', '25-test_pkcs7_data', 'grfc.out')),
+    0, 'Comparing output');
\ No newline at end of file
diff --git a/test/certs/grfc.pem b/test/recipes/25-test_pkcs7_data/grfc.out
similarity index 99%
copy from test/certs/grfc.pem
copy to test/recipes/25-test_pkcs7_data/grfc.out
index 952818275b..21b7bf7820 100644
--- a/test/certs/grfc.pem
+++ b/test/recipes/25-test_pkcs7_data/grfc.out
@@ -28,3 +28,4 @@ HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
 Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
 KW64bgG0AywHjyc3
 -----END CERTIFICATE-----
+

More information about the openssl-commits mailing list