Add -quiet option to pkcs7 for -print_certs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17708)

diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index ac2dec152a46f800bf57cd43c90bdb8f2ea4ddeb..a95ea253777d442f1341e3a578b4dfd971ab4c1e 100644 (file)
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -23,8 +23,8 @@
 typedef enum OPTION_choice {
     OPT_COMMON,
     OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
-    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE,
-    OPT_PROV_ENUM
+    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET,
+    OPT_ENGINE, OPT_PROV_ENUM
 } OPTION_CHOICE;
 
 const OPTIONS pkcs7_options[] = {
@@ -46,6 +46,8 @@ const OPTIONS pkcs7_options[] = {
     {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
     {"print_certs", OPT_PRINT_CERTS, '-',
      "Print_certs  print any certs or crl in the input"},
+    {"quiet", OPT_QUIET, '-',
+     "When used with -print_certs, it produces a cleaner output"},
 
     OPT_PROV_OPTIONS,
     {NULL}
@@ -58,7 +60,7 @@ int pkcs7_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM;
     char *infile = NULL, *outfile = NULL, *prog;
-    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
+    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, quiet = 0, ret = 1;
     OPTION_CHOICE o;
     OSSL_LIB_CTX *libctx = app_get0_libctx();
 
@@ -100,6 +102,9 @@ int pkcs7_main(int argc, char **argv)
         case OPT_PRINT_CERTS:
             print_certs = 1;
             break;
+        case OPT_QUIET:
+            quiet = 1;
+            break;
         case OPT_ENGINE:
             e = setup_engine(opt_arg(), 0);
             break;
@@ -171,7 +176,7 @@ int pkcs7_main(int argc, char **argv)
                 x = sk_X509_value(certs, i);
                 if (text)
                     X509_print(out, x);
-                else
+                else if (!quiet)
                     dump_cert_text(out, x);
 
                 if (!noout)

diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in
index efd772d1d438e87c6f457866df11ae5843a7c4ff..eeb5c356f0bc773a3c414a8499d92f0f6a0bdf22 100644 (file)
--- a/doc/man1/openssl-pkcs7.pod.in
+++ b/doc/man1/openssl-pkcs7.pod.in
@@ -19,6 +19,7 @@ B<openssl> B<pkcs7>
 [B<-out> I<filename>]
 [B<-print>]
 [B<-print_certs>]
+[B<-quiet>]
 [B<-text>]
 [B<-noout>]
 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
@@ -63,6 +64,11 @@ Print out the full PKCS7 object.
 Prints out any certificates or CRLs contained in the file. They are
 preceded by their subject and issuer names in one line format.
 
+=item B<-quiet>
+
+When used with -print_certs, prints out just the PEM-encoded 
+certificates without any other output. 
+
 =item B<-text>
 
 Prints out certificate details in full rather than just subject and

diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
index 37cd43dc6bf8cd3a140f314e83697246d4b71063..2905fe8fe07a219847e52265cff6b1a3fffaa674 100644 (file)
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_pkcs7");
 
-plan tests => 3;
+plan tests => 6;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
+my @path = qw(test certs);
+my $pemfile = "grfc.pem";
+my $p7file = "grfc.p7b";
+my $out = "grfc.out";
+
 subtest 'pkcs7 conversions -- pkcs7' => sub {
     tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"),
                  -args => ["pkcs7"] );
@@ -27,3 +32,11 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
     tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
                  -args => ["pkcs7"] );
 };
+ok(run(app(["openssl", "crl2pkcs7", "-nocrl",
+            "-certfile", srctop_file(@path, $pemfile),
+            "-out", $p7file])));
+ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet",
+            "-in", $p7file,
+            "-out", $out])));
+is(cmp_text($out, srctop_file('test', 'recipes', '25-test_pkcs7_data', 'grfc.out')),
+    0, 'Comparing output');
\ No newline at end of file

diff --git a/test/recipes/25-test_pkcs7_data/grfc.out b/test/recipes/25-test_pkcs7_data/grfc.out
new file mode 100644 (file)
index 0000000..21b7bf7
--- /dev/null
+++ b/test/recipes/25-test_pkcs7_data/grfc.out
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw
+FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4
+MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ
+tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1
+MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG
+A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi
+MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz
+ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3
+OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx
+0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq
+hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI
+DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa
+BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj
+0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA
+BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W
+eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/
+0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB
+KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu
+NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa
+0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR
+gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv
+MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR
+gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw
+MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE
+HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f
+Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j
+KW64bgG0AywHjyc3
+-----END CERTIFICATE-----
+