Commit b5c4209b authored by Dmitry Belyavskiy's avatar Dmitry Belyavskiy Committed by Rich Salz
Browse files

Switch command-line utils to new nameopt API. 



The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
parent 645c694d

apps/apps.c

+20 −10
Original line number Diff line number Diff line
@@ -149,20 +149,30 @@ int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) 


#endif



int dump_cert_text(BIO *out, X509 *x)

static unsigned long nmflag = 0;

static char nmflag_set = 0;



int set_nameopt(const char *arg)

{

    char *p;

    int ret = set_name_ex(&nmflag, arg);



    if (ret)

        nmflag_set = 1;



    return ret;

}



    p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);

    BIO_puts(out, "subject=");

    BIO_puts(out, p);

    OPENSSL_free(p);

unsigned long get_nameopt(void)

{

    return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;

}



    p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);

    BIO_puts(out, "\nissuer=");

    BIO_puts(out, p);

int dump_cert_text(BIO *out, X509 *x)

{

    print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());

    BIO_puts(out, "\n");

    print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());

    BIO_puts(out, "\n");

    OPENSSL_free(p);



    return 0;

}

apps/apps.h

+2 −0
Original line number Diff line number Diff line
@@ -400,6 +400,8 @@ void print_name(BIO *out, const char *title, X509_NAME *nm, 
void print_bignum_var(BIO *, const BIGNUM *, const char*,

                      int, unsigned char *);

void print_array(BIO *, const char *, int, const unsigned char *);

int set_nameopt(const char *arg);

unsigned long get_nameopt(void);

int set_cert_ex(unsigned long *flags, const char *arg);

int set_name_ex(unsigned long *flags, const char *arg);

int set_ext_copy(int *copy_type, const char *arg);

apps/ca.c

+7 −10
Original line number Diff line number Diff line
@@ -258,7 +258,7 @@ int ca_main(int argc, char **argv) 
    int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;

    int i, j, selfsign = 0;

    long crldays = 0, crlhours = 0, crlsec = 0, days = 0;

    unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;

    unsigned long chtype = MBSTRING_ASC, certopt = 0;

    X509 *x509 = NULL, *x509p = NULL, *x = NULL;

    REVINFO_TYPE rev_type = REV_NONE;

    X509_REVOKED *r = NULL;
@@ -569,14 +569,11 @@ end_of_options: 
    f = NCONF_get_string(conf, section, ENV_NAMEOPT);



    if (f) {

        if (!set_name_ex(&nameopt, f)) {

        if (!set_nameopt(f)) {

            BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);

            goto end;

        }

        default_op = 0;

    } else {

        nameopt = XN_FLAG_ONELINE;

        ERR_clear_error();

    }



    f = NCONF_get_string(conf, section, ENV_CERTOPT);
@@ -866,7 +863,7 @@ end_of_options: 
            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,

                              attribs, db, serial, subj, chtype, multirdn,

                              email_dn, startdate, enddate, days, extensions,

                              conf, verbose, certopt, nameopt, default_op,

                              conf, verbose, certopt, get_nameopt(), default_op,

                              ext_copy);

            if (j < 0)

                goto end;
@@ -891,7 +888,7 @@ end_of_options: 
                             attribs,

                             db, serial, subj, chtype, multirdn, email_dn,

                             startdate, enddate, days, batch, extensions,

                             conf, verbose, certopt, nameopt, default_op,

                             conf, verbose, certopt, get_nameopt(), default_op,

                             ext_copy);

            if (j < 0)

                goto end;
@@ -911,7 +908,7 @@ end_of_options: 
            j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,

                        serial, subj, chtype, multirdn, email_dn, startdate,

                        enddate, days, batch, extensions, conf, verbose,

                        certopt, nameopt, default_op, ext_copy, selfsign);

                        certopt, get_nameopt(), default_op, ext_copy, selfsign);

            if (j < 0)

                goto end;

            if (j > 0) {
@@ -930,7 +927,7 @@ end_of_options: 
            j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,

                        serial, subj, chtype, multirdn, email_dn, startdate,

                        enddate, days, batch, extensions, conf, verbose,

                        certopt, nameopt, default_op, ext_copy, selfsign);

                        certopt, get_nameopt(), default_op, ext_copy, selfsign);

            if (j < 0)

                goto end;

            if (j > 0) {
@@ -1272,7 +1269,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, 
        goto end;

    }

    if (verbose)

        X509_REQ_print(bio_err, req);

        X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);



    BIO_printf(bio_err, "Check that the request matches the signature\n");

apps/crl.c

+3 −9
Original line number Diff line number Diff line
@@ -69,8 +69,6 @@ int crl_main(int argc, char **argv) 
    X509_OBJECT *xobj = NULL;

    EVP_PKEY *pkey;

    const EVP_MD *digest = EVP_sha1();

    unsigned long nmflag = 0;

    char nmflag_set = 0;

    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;

    const char *CAfile = NULL, *CApath = NULL, *prog;

    OPTION_CHOICE o;
@@ -169,8 +167,7 @@ int crl_main(int argc, char **argv) 
            badsig = 1;

            break;

        case OPT_NAMEOPT:

            nmflag_set = 1;

            if (!set_name_ex(&nmflag, opt_arg()))

            if (!set_nameopt(opt_arg()))

                goto opthelp;

            break;

        case OPT_MD:
@@ -182,9 +179,6 @@ int crl_main(int argc, char **argv) 
    if (argc != 0)

        goto opthelp;



    if (!nmflag_set)

        nmflag = XN_FLAG_ONELINE;



    x = load_crl(infile, informat);

    if (x == NULL)

        goto end;
@@ -260,7 +254,7 @@ int crl_main(int argc, char **argv) 
        for (i = 1; i <= num; i++) {

            if (issuer == i) {

                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),

                           nmflag);

                           get_nameopt());

            }

            if (crlnumber == i) {

                ASN1_INTEGER *crlnum;
@@ -319,7 +313,7 @@ int crl_main(int argc, char **argv) 
        goto end;



    if (text)

        X509_CRL_print(out, x);

        X509_CRL_print_ex(out, x, get_nameopt());



    if (noout) {

        ret = 0;

apps/pkcs7.c

+1 −1
Original line number Diff line number Diff line
@@ -163,7 +163,7 @@ int pkcs7_main(int argc, char **argv) 
            for (i = 0; i < sk_X509_CRL_num(crls); i++) {

                crl = sk_X509_CRL_value(crls, i);



                X509_CRL_print(out, crl);

                X509_CRL_print_ex(out, crl, get_nameopt());



                if (!noout)

                    PEM_write_bio_X509_CRL(out, crl);