apps/apps.c +1 −0 Original line number Diff line number Diff line Loading @@ -796,6 +796,7 @@ int set_name_ex(unsigned long *flags, const char *arg) { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, { "align", XN_FLAG_FN_ALIGN, 0}, { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, { "space_eq", XN_FLAG_SPC_EQ, 0}, { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, Loading
apps/openssl.cnf +5 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,11 @@ RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext Loading
doc/apps/ca.pod +23 −4 Original line number Diff line number Diff line Loading @@ -317,6 +317,23 @@ the same as B<-msie_hack> the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section for more information. =item B<nameopt>, B<certopt> these options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used here, except the B<no_signame> and B<no_sigdump> are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point). For convenience the values B<default_ca> are accepted by both to produce a reasonable output. If neither option is present the format used in earlier versions of OpenSSL is used. Use of the old format is B<strongly> discouraged because it only displays fields mentioned in the B<policy> section, mishandles multicharacter string types and does not display extensions. =back =head1 POLICY FORMAT Loading Loading @@ -407,6 +424,9 @@ A sample configuration file with the relevant sections for B<ca>: policy = policy_any # default policy nameopt = default_ca # Subject name display option certopt = default_ca # Certificate display option [ policy_any ] countryName = supplied stateOrProvinceName = optional Loading @@ -420,7 +440,7 @@ A sample configuration file with the relevant sections for B<ca>: The B<ca> command is quirky and at times downright unfriendly. The B<ca> utility was originally meant as an example of how to do things in a CA. It was not supposed be be used as a full blown CA itself: in a CA. It was not supposed to be used as a full blown CA itself: nevertheless some people are using it for this purpose. The B<ca> command is effectively a single user command: no locking is Loading Loading 
@@ -487,9 +507,8 @@ exposed at either a command or interface level so a more friendly utility B<CA.pl> help a little but not very much. Any fields in a request that are not present in a policy are silently deleted. This does not happen if the B<-preserveDN> option is used but the extra fields are not displayed when the user is asked to certify a request. The behaviour should be more friendly and configurable. deleted. This does not happen if the B<-preserveDN> option is used. The behaviour should be more friendly and configurable. Cancelling some commands by refusing to certify a certificate can create an empty file. Loading
doc/apps/x509.pod +23 −9 Original line number Diff line number Diff line Loading @@ -115,9 +115,10 @@ any extensions present and any trust settings. =item B<-certopt option> customise the output format used with B<-text>. This option may be used more than once to set multiple options. See the B<OUTPUT OPTIONS> section for more information. customise the output format used with B<-text>. The B<option> argument can be a single option or multiple options separated by commas. The B<-certopt> switch may be also be used more than once to set multiple options. See the B<TEXT OPTIONS> section for more information. =item B<-noout> Loading Loading @@ -148,9 +149,10 @@ outputs the issuer name. =item B<-nameopt option> option which determines how the subject or issuer names are displayed. This option may be used more than once to set multiple options. See the B<NAME OPTIONS> section for more information. option which determines how the subject or issuer names are displayed. The B<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to set multiple options. See the B<NAME OPTIONS> section for more information. =item B<-email> Loading Loading @@ -390,7 +392,7 @@ options. =item B<multiline> a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, B<spc_eq> and B<lname>. B<spc_eq>, B<lname> and B<align>. =item B<esc_2253> Loading Loading @@ -485,6 +487,11 @@ not display the field at all. B<sname> uses the "short name" form B<oid> represents the OID in numerical form and is useful for diagnostic purpose. =item B<align> align field values for a more readable output. Only usable with B<sep_multiline>. =item B<spc_eq> places spaces round the B<=> character which follows the field Loading 
@@ -492,7 +499,7 @@ name. =back =head1 OUTPUT OPTIONS =head1 TEXT OPTIONS As well as customising the name output format, it is also possible to customise the actual fields printed using the B<certopt> options when Loading Loading @@ -562,6 +569,13 @@ ASN1 parse unsupported extensions. hex dump unsupported extensions. =item B<ca_default> the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>, B<no_version>, B<no_sigdump> and B<no_signame>. =over 4 =back Loading Loading @@ -590,7 +604,7 @@ Display the certificate subject name in RFC2253 form: Display the certificate subject name in oneline form on a terminal supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb Display the certificate MD5 fingerprint: Loading
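Review bot: In the apps/apps.c hunk, the new "align" entry is registered with a zero mask and nothing visible in the set_name_ex table ties it to sep_multiline, while x509.pod states that align is "Only usable with B<sep_multiline>". Either ignore or reject align when another separator is selected, or document what happens when it is combined with one. The context line in the same table spells the option "space_eq" whereas x509.pod documents it as B<spc_eq>; the two should agree.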
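Review bot: The two keys added to apps/openssl.cnf are spelled "name_opt" and "cert_opt", but the ca.pod text added in this same commit documents them as B<nameopt> and B<certopt>, and its sample configuration uses "nameopt = default_ca" and "certopt = default_ca". Only one spelling can be the one the ca utility looks up. Make the shipped configuration and the manual agree, otherwise a user following the wrong one silently stays on the format the new comment calls "highly broken".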
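Review bot: In the new B<nameopt>, B<certopt> item of doc/apps/ca.pod, the convenience value is named B<default_ca>, while apps/openssl.cnf sets "ca_default" and x509.pod documents B<ca_default>; pick one name and use it in all three files. x509.pod adds B<ca_default> only among the certificate text options, so the statement that the value is "accepted by both" needs a matching entry under NAME OPTIONS. The clause "except the B<no_signame> and B<no_sigdump> are permanently set" would read better as "except that B<no_signame> and B<no_sigdump> are permanently set".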
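Review bot: The last doc/apps/ca.pod hunk drops the caveat that with B<-preserveDN> "the extra fields are not displayed when the user is asked to certify a request", yet the new B<nameopt>, B<certopt> text says the old format is still used when neither option is present and that it "only displays fields mentioned in the B<policy> section". The caveat therefore still holds for configurations without the new options. Keep it, qualified to the old display format, so that operators know the confirmation prompt can omit fields that end up in the signed certificate.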
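Review bot: In the B<-certopt> item of doc/apps/x509.pod, "may be also be used more than once" has a doubled "be" and should read "may also be used more than once". The parallel B<-nameopt> item says "Alternatively the B<-nameopt> switch may be used"; the two descriptions would be easier to maintain with the same wording.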
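Review bot: After the new B<ca_default> item in doc/apps/x509.pod, "=over 4" is immediately followed by "=back", which opens a list with no items and leaves the nesting of the enclosing option list unclear. If the "=over 4" is part of this change it should be dropped.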
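Review bot: The updated example in doc/apps/x509.pod passes "-nameopt oneline,-escmsb", but the option list in the same file names the flag B<esc_msb>; the example should use the documented spelling. The example also relies on a leading "-" before an option name, which the B<-nameopt> text added here does not explain, so a sentence on that syntax belongs next to the description of the comma-separated form.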