[openssl-dev] [openssl.org #3702] openssl verify improvement
Dmitry Belyavsky via RT
rt at openssl.org
Fri Feb 13 19:01:20 UTC 2015
Hello openssl team,
here is the patch providing -nameopt option to the openssl verify command.
It makes possible to print certificate subject correctly in case of error.
Thank you.
--
SY, Dmitry Belyavsky
-------------- next part --------------
--- ../openssl-1.0.1i/apps/verify.c 2014-08-07 01:10:56.000000000 +0400
+++ apps/verify.c 2015-02-13 20:53:00.202406546 +0300
@@ -74,6 +74,7 @@
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
STACK_OF(X509_CRL) *crls, ENGINE *e);
static int v_verbose=0, vflags = 0;
+static unsigned long nmflag = 0;
int MAIN(int, char **);
@@ -145,6 +146,11 @@
if (argc-- < 1) goto end;
crlfile= *(++argv);
}
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto end;
+ if (!set_name_ex(&nmflag, *(++argv))) goto end;
+ }
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -317,9 +323,10 @@
{
if (current_cert)
{
+ nmflag = nmflag ? nmflag : XN_FLAG_ONELINE;
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(current_cert),
- 0, XN_FLAG_ONELINE);
+ 0, nmflag);
printf("\n");
}
printf("%serror %d at %d depth lookup:%s\n",
More information about the openssl-dev
mailing list