From: Dmitry Belyavskiy Date: Tue, 25 Apr 2017 16:25:42 +0000 (-0400) Subject: Switch command-line utils to new nameopt API. X-Git-Tag: OpenSSL_1_1_1-pre1~1679 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9 Switch command-line utils to new nameopt API. The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3262) --- diff --git a/apps/apps.c b/apps/apps.c index 216bc797df..c66b89cff4 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -149,20 +149,30 @@ int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) #endif -int dump_cert_text(BIO *out, X509 *x) +static unsigned long nmflag = 0; +static char nmflag_set = 0; + +int set_nameopt(const char *arg) { - char *p; + int ret = set_name_ex(&nmflag, arg); + + if (ret) + nmflag_set = 1; + + return ret; +} - p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0); - BIO_puts(out, "subject="); - BIO_puts(out, p); - OPENSSL_free(p); +unsigned long get_nameopt(void) +{ + return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; +} - p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0); - BIO_puts(out, "\nissuer="); - BIO_puts(out, p); +int dump_cert_text(BIO *out, X509 *x) +{ + print_name(out, "subject=", X509_get_subject_name(x), get_nameopt()); + BIO_puts(out, "\n"); + print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt()); BIO_puts(out, "\n"); - OPENSSL_free(p); return 0; } diff --git a/apps/apps.h b/apps/apps.h index e7c860f1b4..a8de2dc0aa 100644 --- a/apps/apps.h +++ b/apps/apps.h 
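Review bot: In the new dump_cert_text, each `print_name(...)` call is followed by `BIO_puts(out, "\n")`, which probably leaves a blank line after both `subject=` and `issuer=`. Other call sites in this commit rely on print_name ending the line itself: the `-C` comment block in x509.c and the `issuer=` output in crl.c. print_name's body is not part of the diff, so this needs confirming. If it does terminate the line, drop both `BIO_puts(out, "\n");` calls so s_client and s_server keep one line per name.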
@@ -400,6 +400,8 @@ void print_name(BIO *out, const char *title, X509_NAME *nm, void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); +int set_nameopt(const char *arg); +unsigned long get_nameopt(void); int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); diff --git a/apps/ca.c b/apps/ca.c index 6a615ed55e..102ff87d6f 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -258,7 +258,7 @@ int ca_main(int argc, char **argv) int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int i, j, selfsign = 0; long crldays = 0, crlhours = 0, crlsec = 0, days = 0; - unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0; + unsigned long chtype = MBSTRING_ASC, certopt = 0; X509 *x509 = NULL, *x509p = NULL, *x = NULL; REVINFO_TYPE rev_type = REV_NONE; X509_REVOKED *r = NULL; @@ -569,14 +569,11 @@ end_of_options: f = NCONF_get_string(conf, section, ENV_NAMEOPT); if (f) { - if (!set_name_ex(&nameopt, f)) { + if (!set_nameopt(f)) { BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); goto end; } default_op = 0; - } else { - nameopt = XN_FLAG_ONELINE; - ERR_clear_error(); } f = NCONF_get_string(conf, section, ENV_CERTOPT); @@ -866,7 +863,7 @@ end_of_options: j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, extensions, - conf, verbose, certopt, nameopt, default_op, + conf, verbose, certopt, get_nameopt(), default_op, ext_copy); if (j < 0) goto end; @@ -891,7 +888,7 @@ end_of_options: attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, - conf, verbose, certopt, nameopt, default_op, + conf, verbose, certopt, get_nameopt(), default_op, ext_copy); if (j < 0) goto end; 
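Review bot: In the ENV_NAMEOPT block of ca_main (hunk at -569), removing the `else` branch also removes its `ERR_clear_error()` call. When the configuration has no name option entry, whatever error NCONF_get_string queued for the missing key presumably stays on the error stack. Whether the ENV_CERTOPT handling that follows clears it cannot be seen from this hunk; if it does not, a later error dump would include a stale lookup failure. Keeping `} else { ERR_clear_error(); }` while dropping only the `nameopt = XN_FLAG_ONELINE;` assignment would preserve the old behaviour. ca_main starts and ends outside the hunk.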
@@ -911,7 +908,7 @@ end_of_options: j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, nameopt, default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign); if (j < 0) goto end; if (j > 0) { @@ -930,7 +927,7 @@ end_of_options: j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, nameopt, default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign); if (j < 0) goto end; if (j > 0) { @@ -1272,7 +1269,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, goto end; } if (verbose) - X509_REQ_print(bio_err, req); + X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT); BIO_printf(bio_err, "Check that the request matches the signature\n"); diff --git a/apps/crl.c b/apps/crl.c index 3847faa427..ce589bbc1d 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -69,8 +69,6 @@ int crl_main(int argc, char **argv) X509_OBJECT *xobj = NULL; EVP_PKEY *pkey; const EVP_MD *digest = EVP_sha1(); - unsigned long nmflag = 0; - char nmflag_set = 0; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; const char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; @@ -169,8 +167,7 @@ int crl_main(int argc, char **argv) badsig = 1; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_MD: @@ -182,9 +179,6 @@ int crl_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - x = load_crl(infile, informat); if (x == NULL) goto end; 
@@ -260,7 +254,7 @@ int crl_main(int argc, char **argv) for (i = 1; i <= num; i++) { if (issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), - nmflag); + get_nameopt()); } if (crlnumber == i) { ASN1_INTEGER *crlnum; @@ -319,7 +313,7 @@ int crl_main(int argc, char **argv) goto end; if (text) - X509_CRL_print(out, x); + X509_CRL_print_ex(out, x, get_nameopt()); if (noout) { ret = 0; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 22681085fc..45e9c7df89 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -163,7 +163,7 @@ int pkcs7_main(int argc, char **argv) for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); - X509_CRL_print(out, crl); + X509_CRL_print_ex(out, crl, get_nameopt()); if (!noout) PEM_write_bio_X509_CRL(out, crl); diff --git a/apps/req.c b/apps/req.c index ddb0fdce99..f1dba66041 100644 --- a/apps/req.c +++ b/apps/req.c @@ -163,8 +163,7 @@ int req_main(int argc, char **argv) int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0; int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; long newkey = -1; - unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0; - char nmflag_set = 0; + unsigned long chtype = MBSTRING_ASC, reqflag = 0; #ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); @@ -277,8 +276,7 @@ int req_main(int argc, char **argv) chtype = MBSTRING_UTF8; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_REQOPT: @@ -333,9 +331,6 @@ int req_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - /* TODO: simplify this as pkey is still always NULL here */ private = newreq && (pkey == NULL) ? 1 : 0; 
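Review bot: The `-text` path in crl_main (hunk at -319) now prints through `X509_CRL_print_ex(out, x, get_nameopt())`, so without `-nameopt` the issuer line is formatted with XN_FLAG_ONELINE instead of the X509_NAME_oneline form that X509_CRL_print used before this commit. The pkcs7.c hunk has the same effect, and no OPT_NAMEOPT handling is visible there, so that tool would always take the default. Scripts that parse this output will see a different issuer line. A comment at the call, such as `/* issuer format follows -nameopt; default is XN_FLAG_ONELINE */`, plus a changelog entry would record the change as intentional. Both functions continue outside their hunks.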
@@ -695,7 +690,7 @@ int req_main(int argc, char **argv) if (verbose) { BIO_printf(bio_err, "Modifying Request's Subject\n"); print_name(bio_err, "old subject=", - X509_REQ_get_subject_name(req), nmflag); + X509_REQ_get_subject_name(req), get_nameopt()); } if (build_subject(req, subj, chtype, multirdn) == 0) { @@ -706,7 +701,7 @@ int req_main(int argc, char **argv) if (verbose) { print_name(bio_err, "new subject=", - X509_REQ_get_subject_name(req), nmflag); + X509_REQ_get_subject_name(req), get_nameopt()); } } @@ -755,18 +750,18 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, nmflag, reqflag); + X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, nmflag, reqflag); + X509_REQ_print_ex(out, req, get_nameopt(), reqflag); } if (subject) { if (x509) print_name(out, "subject=", X509_get_subject_name(x509ss), - nmflag); + get_nameopt()); else print_name(out, "subject=", X509_REQ_get_subject_name(req), - nmflag); + get_nameopt()); } if (modulus) { diff --git a/apps/s_apps.h b/apps/s_apps.h index 38c6b67d9d..07b5a7ae4e 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -44,8 +44,6 @@ int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -int set_nameopt(const char *arg); - #ifdef HEADER_SSL_H void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, diff --git a/apps/s_cb.c b/apps/s_cb.c index 1b68164485..edbc2b85c2 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -33,12 +33,6 @@ static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; #endif static BIO *bio_keylog = NULL; -static unsigned long nmflag = XN_FLAG_ONELINE; - -int set_nameopt(const char *arg) -{ - return set_name_ex(&nmflag, arg); -} static const char *lookup(int val, const STRINT_PAIR* list, const char* def) { 
@@ -62,7 +56,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (err_cert) { X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), - 0, nmflag); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); } else BIO_puts(bio_err, "\n"); @@ -83,7 +77,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: BIO_puts(bio_err, "issuer= "); X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, nmflag); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); break; case X509_V_ERR_CERT_NOT_YET_VALID: @@ -836,7 +830,7 @@ static int set_cert_cb(SSL *ssl, void *arg) rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, - nmflag); + get_nameopt()); BIO_puts(bio_err, "\n"); print_chain_flags(ssl, rv); if (rv & CERT_PKEY_VALID) { @@ -1125,7 +1119,7 @@ void print_ssl_summary(SSL *s) BIO_puts(bio_err, "Peer certificate: "); X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), - 0, nmflag); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); if (SSL_get_peer_signature_nid(s, &nid)) BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); @@ -1440,7 +1434,7 @@ void print_ca_names(BIO *bio, SSL *s) BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs); for (i = 0; i < sk_X509_NAME_num(sk); i++) { - X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE); + X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt()); BIO_write(bio, "\n", 1); } } diff --git a/apps/s_client.c b/apps/s_client.c index 52b99ce7a7..efdc8e3ef3 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2849,7 +2849,6 @@ int s_client_main(int argc, char **argv) static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer = NULL; - char buf[BUFSIZ]; STACK_OF(X509) *sk; const SSL_CIPHER *c; int i; 
@@ -2870,12 +2869,12 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { - X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof buf); - BIO_printf(bio, "%2d s:%s\n", i, buf); - X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof buf); - BIO_printf(bio, " i:%s\n", buf); + BIO_printf(bio, "%2d s:", i); + X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt()); + BIO_puts(bio, "\n"); + BIO_printf(bio, " i:"); + X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt()); + BIO_puts(bio, "\n"); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); } @@ -2889,10 +2888,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); - BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); - BIO_printf(bio, "issuer=%s\n", buf); + dump_cert_text(bio, peer); } else { BIO_printf(bio, "no peer certificate available\n"); } diff --git a/apps/s_server.c b/apps/s_server.c index d842fb8f53..46316630be 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2728,10 +2728,7 @@ static void print_connection_info(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); - BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); - BIO_printf(bio_s_out, "issuer=%s\n", buf); + dump_cert_text(bio_s_out, peer); X509_free(peer); peer = NULL; } diff --git a/apps/verify.c b/apps/verify.c index a4eb465739..c31695c1b9 100644 --- a/apps/verify.c +++ b/apps/verify.c 
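Review bot: The certificate-chain loop in print_stuff now writes peer-supplied subject and issuer names with `X509_NAME_print_ex(..., 0, get_nameopt())`, so escaping of control bytes depends on the user's `-nameopt` value, whereas the removed X509_NAME_oneline calls always used its fixed escaped form. The shared flag word in apps.c starts from 0, not from XN_FLAG_ONELINE as the removed s_cb.c setter did, so an option list without `esc_ctrl` would presumably pass raw control characters from an untrusted certificate to the terminal. Consider always applying the control-character escape for these diagnostics, taking care with the XN_FLAG_COMPAT special case. At minimum add a comment such as `/* names come from the peer; -nameopt decides how control characters are escaped */` and mention it in the manual. The same applies to print_ca_names in s_cb.c and to the dump_cert_text calls here and in s_server.c; print_stuff continues outside the hunk.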
@@ -22,7 +22,6 @@ static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls, int show_chain); static int v_verbose = 0, vflags = 0; -static unsigned long nmflag = 0; typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -70,7 +69,6 @@ int verify_main(int argc, char **argv) const char *prog, *CApath = NULL, *CAfile = NULL; int noCApath = 0, noCAfile = 0; int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1; - char nmflag_set = 0; OPTION_CHOICE o; if ((vpm = X509_VERIFY_PARAM_new()) == NULL) @@ -153,8 +151,7 @@ int verify_main(int argc, char **argv) show_chain = 1; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto end; break; case OPT_VERBOSE: @@ -171,9 +168,6 @@ int verify_main(int argc, char **argv) goto end; } - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cb); @@ -253,7 +247,7 @@ static int check(X509_STORE *ctx, const char *file, printf("depth=%d: ", j); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), - 0, nmflag); + 0, get_nameopt()); if (j < num_untrusted) printf(" (untrusted)"); printf("\n"); @@ -282,7 +276,7 @@ static int cb(int ok, X509_STORE_CTX *ctx) if (current_cert) { X509_NAME_print_ex(bio_err, X509_get_subject_name(current_cert), - 0, nmflag); + 0, get_nameopt()); BIO_printf(bio_err, "\n"); } BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n", diff --git a/apps/x509.c b/apps/x509.c index 182cfb055d..41d6e4aa28 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -160,7 +160,7 @@ int x509_main(int argc, char **argv) char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; - char buf[256], *prog; + char *prog; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0; int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0; @@ -172,8 +172,7 @@ int x509_main(int argc, char **argv) int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; int enddate = 0; time_t checkoffset = 0; - unsigned long nmflag = 0, certflag = 0; - char nmflag_set = 0; + unsigned long certflag = 0; OPTION_CHOICE o; ENGINE *e = NULL; #ifndef OPENSSL_NO_MD5 @@ -308,8 +307,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_ENGINE: @@ -447,9 +445,6 @@ int x509_main(int argc, char **argv) goto opthelp; } - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; @@ -539,7 +534,7 @@ int x509_main(int argc, char **argv) BIO_printf(bio_err, "Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), - nmflag); + get_nameopt()); if ((x = X509_new()) == NULL) goto end; @@ -618,10 +613,10 @@ int x509_main(int argc, char **argv) if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { - print_name(out, "issuer=", X509_get_issuer_name(x), nmflag); + print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt()); } else if (subject == i) { print_name(out, "subject=", - X509_get_subject_name(x), nmflag); + X509_get_subject_name(x), get_nameopt()); } else if (serial == i) { BIO_printf(out, "serial="); i2a_ASN1_INTEGER(out, X509_get_serialNumber(x)); 
@@ -726,13 +721,10 @@ int x509_main(int argc, char **argv) char *m; int len; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); - BIO_printf(out, "/*\n" - " * Subject: %s\n", buf); - - X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf); - BIO_printf(out, " * Issuer: %s\n" - " */\n", buf); + print_name(out, "/*\n" + " * Subject: ", X509_get_subject_name(x), get_nameopt()); + print_name(out, " * Issuer: ", X509_get_issuer_name(x), get_nameopt()); + BIO_puts(out, " */\n"); len = i2d_X509(x, NULL); m = app_malloc(len, "x509 name buffer"); @@ -747,7 +739,7 @@ int x509_main(int argc, char **argv) print_array(out, "the_certificate", len, (unsigned char *)m); OPENSSL_free(m); } else if (text == i) { - X509_print_ex(out, x, nmflag, certflag); + X509_print_ex(out, x, get_nameopt(), certflag); } else if (startdate == i) { BIO_puts(out, "notBefore="); ASN1_TIME_print(out, X509_get0_notBefore(x)); @@ -828,7 +820,7 @@ int x509_main(int argc, char **argv) goto end; } if (!noout) { - X509_REQ_print(out, rq); + X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT); PEM_write_bio_X509_REQ(out, rq); } noout = 1; diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index f3ca6db8e5..3c073ffd29 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -33,6 +33,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) #endif int X509_CRL_print(BIO *out, X509_CRL *x) +{ + return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT); +} + +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag) { STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; @@ -40,7 +45,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) const ASN1_BIT_STRING *sig; long l; int i; - char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); 
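Review bot: The `-C` branch in x509_main (hunk at -726) writes the subject and issuer into a generated `/* ... */` block via print_name, and nothing in the visible code keeps the name text from containing `*/` or, with a multi-line `-nameopt`, from spreading over several lines. The output is meant to be compiled, so certificate-controlled text should not be able to end the comment early. Consider printing these two names with a fixed single-line, escaped format instead of `get_nameopt()`, or filtering the comment terminator. At minimum add a comment such as `/* name text is certificate-controlled and is not sanitised for use inside a C comment */`. The enclosing function starts and ends outside the hunk.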
@@ -50,9 +54,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x) BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); X509_CRL_get0_signature(x, &sig, &sig_alg); X509_signature_print(out, sig_alg, NULL); - p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); - BIO_printf(out, "%8sIssuer: %s\n", "", p); - OPENSSL_free(p); + BIO_printf(out, "%8sIssuer: ", ""); + X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag); + BIO_puts(out, "\n"); BIO_printf(out, "%8sLast Update: ", ""); ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); BIO_printf(out, "\n%8sNext Update: ", ""); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 49ad143bd2..a6aabebd9c 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -773,6 +773,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); diff --git a/test/certs/cyrillic_crl.pem b/test/certs/cyrillic_crl.pem new file mode 100644 index 0000000000..5ba2b2c977 --- /dev/null +++ b/test/certs/cyrillic_crl.pem 
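Review bot: The new issuer output in X509_CRL_print_ex ignores the result of `X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag)`, and nmflag now comes from callers of a public function. If the flag combination is rejected, the issuer line is left empty and printing carries on as if it had succeeded. Checking it, for example `if (X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag) < 0) return 0;`, would surface the failure, assuming 0 is this function's failure value. The function's return statements are outside the hunk.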
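Review bot: `X509_CRL_print_ex` becomes public API with this prototype (it is also added to util/libcrypto.num), but no manual page or header comment for it appears in the visible diff. Callers need to know that nmflag takes the same name-format flags as X509_NAME_print_ex and that X509_CRL_print is now the XN_FLAG_COMPAT case. A line such as `/* nmflag: name format flags as for X509_NAME_print_ex() */` above the prototype, plus a doc entry next to X509_CRL_print, would cover it.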
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/certs/cyrillic_crl.utf8 b/test/certs/cyrillic_crl.utf8
new file mode 100644
index 0000000000..07dcf75160
--- /dev/null
+++ b/test/certs/cyrillic_crl.utf8
@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+ Version 2 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=RU, ST=Москва, O=Я, OU=Я, CN=Дмитрий Белявский, emailAddress=beldmit@example.com
+ Last Update: Apr 24 13:25:31 2017 GMT
+ Next Update: May 24 13:25:31 2017 GMT
+ CRL extensions:
+ X509v3 CRL Number:
+ 1
+No Revoked Certificates.
+ Signature Algorithm: sha256WithRSAEncryption
+ 85:e5:e5:fe:d4:13:3f:07:1a:07:53:6f:f7:a5:01:c9:80:f4:
+ 8a:7a:f3:74:fc:af:dd:6a:21:47:88:99:7b:29:bf:46:0b:02:
+ 98:d7:80:75:46:f6:cd:da:b5:0f:ff:9f:0c:b7:e6:aa:8e:f6:
+ ae:7f:5c:81:ce:56:89:41:e2:4a:65:cb:02:98:6f:69:e9:3a:
+ f5:cb:40:49:5e:1a:ea:e6:40:b4:48:bc:8d:0e:c7:c6:51:37:
+ ee:c6:7c:26:a3:e7:25:1d:74:54:fa:02:ae:93:e8:74:5a:42:
+ 4b:d3:6d:99:61:b2:77:f3:0e:7c:f2:4e:0d:4f:70:96:54:77:
+ 84:db:71:03:0b:6e:b8:a7:de:36:9a:50:c4:ed:e9:fa:33:22:
+ f5:e7:63:de:2d:df:58:ad:68:aa:e6:23:88:3a:b2:1b:40:b1:
+ 2b:ab:41:23:c3:1b:c7:1b:db:0c:89:81:54:6b:a5:6b:c2:64:
+ 5f:db:a9:f2:67:bb:bd:44:a2:43:3f:ea:36:76:5b:70:76:20:
+ 5a:49:70:b7:42:dd:e9:67:c0:48:7e:ff:e5:f3:59:70:a7:c0:
+ eb:eb:74:b0:08:82:36:a4:84:69:97:22:02:75:0a:a6:5f:f6:
+ be:d6:af:24:4e:15:c8:3f:62:b1:f9:7e:3c:83:b5:44:da:8d:
+ 97:e1:c7:f2
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV
+BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD
+VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG
+9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy
+NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+
+1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq
+jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU
++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe
+Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw
+diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx
++X48g7VE2o2X4cfy
+-----END X509 CRL-----
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t index e8ce5f8552..456accbc2d 100644 --- a/test/recipes/25-test_crl.t +++ b/test/recipes/25-test_crl.t @@ -15,10 +15,14 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_crl"); -plan tests => 5; +plan tests => 7; require_ok(srctop_file('test','recipes','tconversion.pl')); +my $pem = srctop_file("test/certs", "cyrillic_crl.pem"); +my $out = "cyrillic_crl.out"; +my $utf = srctop_file("test/certs", "cyrillic_crl.utf8"); + subtest 'crl conversions' => sub { tconversion("crl", srctop_file("test","testcrl.pem")); }; @@ -32,6 +36,12 @@ ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in}, srctop_file('test', 'testcrl.pem')], 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B')); +ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out, + "-nameopt", "utf8"]))); +is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")), + 0, 'Comparing utf8 output'); +unlink $out; + sub compare1stline { my ($cmdarray, $str) = @_; my @lines = run(app($cmdarray), capture => 1); diff --git a/util/libcrypto.num b/util/libcrypto.num index 14c4c6a0d1..9540d6f683 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4272,3 +4272,4 @@ ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_mem_leaks_cb 4216 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG BIO_lookup_ex 4217 1_1_1 EXIST::FUNCTION:SOCK +X509_CRL_print_ex 4218 1_1_1 EXIST::FUNCTION:
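Review bot: `my $utf` is assigned in the first hunk of 25-test_crl.t but never used, because the comparison in the second hunk builds the same path again with `srctop_file("test/certs", "cyrillic_crl.utf8")`. Use the variable, `is(cmp_text($out, $utf), 0, 'Comparing utf8 output');`, or drop the declaration. Keeping a single definition of the reference path avoids the two drifting apart if the fixture is renamed.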