pkcs12 output change between release 1.0.2 and 1.1.1

Matt Caswell matt at
Thu Oct 28 09:36:12 UTC 2021

On 28/10/2021 10:06, Patrice Guérin wrote:
> Hi all,
> The output of pkcs12 command differs between release 1.0.2 and 1.1.1.
> The command used is
>        openssl pkcs12 -passin pass:xxxx -nokeys -in signedcert.bin
> In the bag attributes, if the subject (and probably the issuer) contains 
> bytes outside ASCII range,
> I get a different result and make internal unit test failed in this case.
> In release 1.0.2,  bytes are expressed as \xHH
> In release 1.1.1, they are expressed as \HH
> Is there a way to get compatible results ?

Some of the command line tools offer the ability to set a "-nameopt" 
flag to control the format of this output. Unfortunately the pkcs12 app 
is not one of them, so this is not possible.


More information about the openssl-users mailing list