
openssl req -nameopt fails


Michael Bell

May 27, 2002, 6:54:05 AM5/27/02
Hi,

I test the following with "openssl req"

/usr/local/ssl/bin/openssl req -in ie.pem -subject -noout

subject=/emailAddress=roland...@rz.hu-berlin.de/CN=Roland
Herbst/OU=Internet/O=Humboldt-Universitaet zu Berlin/C=DE

/usr/local/ssl/bin/openssl req -nameopt RFC2253 -in ie.pem -subject
-noout

subject=C=DE,O=Humboldt-Universitaet zu Berlin,OU=Internet,CN=Roland
Herbst,emailAddress=roland...@rz.hu-berlin.de

So -nameopt is honoured when the subject is printed with -subject, but it is ignored for -text.

/usr/local/ssl/bin/openssl req -in ie.pem -text -noout

Certificate Request:
Data:
Version: 0 (0x0)
Subject: emailAddress=roland...@rz.hu-berlin.de, CN=Roland
Herbst, OU=Internet, O=Humboldt-Universitaet zu Berlin, C=DE
Subject Public Key Info:
...

/usr/local/ssl/bin/openssl req -nameopt RFC2253 -in ie.pem -text -noout
Certificate Request:
Data:
Version: 0 (0x0)
Subject: emailAddress=roland...@rz.hu-berlin.de, CN=Roland
Herbst, OU=Internet, O=Humboldt-Universitaet zu Berlin, C=DE
Subject Public Key Info:
...

I will check the code to find the problem.

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): michae...@web.de
Rechenzentrum - Datacenter Email: michae...@rz.hu-berlin.de
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

Michael Bell

May 27, 2002, 7:07:15 AM5/27/02
Dies ist eine mehrteilige Nachricht im MIME-Format.
--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Michael Bell schrieb:

> So nameopt works if I used -subj but it fails for -text.

I wrote a patch for req to support:

-nameopt (for -text too)
-reqopt

Please read the README to see what I changed.

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): michae...@web.de
Rechenzentrum - Datacenter Email: michae...@rz.hu-berlin.de
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org

--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii;
name="README"
Content-Disposition: inline;
filename="README"
Content-Transfer-Encoding: 7bit

changed files:
crypto/asn1/t_req.c
* introduce X509_REQ_print_ex
* X509_REQ_print_ex works like X509_print_ex
crypto/x509/x509.h
* added X509_FLAG_NO_ATTRIBUTES
apps/apps.c
* added X509_FLAG_NO_ATTRIBUTES to set_cert_ex
(I did not want to introduce as much machinery for requests as
exists for certificates just for this one option, and an
unsupported flag is not dangerous)
apps/req.c
* added option -reqopt
* full support for -nameopt

--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii;
name="apps.c.patch"
Content-Disposition: inline;
filename="apps.c.patch"
Content-Transfer-Encoding: 7bit

1066d1065
< { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
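Review bot: The patches in this thread are reversed normal-format diffs: the `<` lines carry the new code (here the `no_attributes` entry the README says was added), so they apply only with `patch -R` and have no context lines to catch a drifted base. Regenerating them as `diff -u old new` would make them reviewable and safer to apply; the same holds for req.c.patch, t_req.c.patch and x509.h.patch. Because the entry goes into the table read by set_cert_ex, the flag name is presumably accepted for certificates as well, where the README says it is simply unsupported; a comment on the entry such as `/* requests only; not evaluated when printing certificates */` would record that. The table itself starts and ends outside the hunk.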

--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii;
name="req.c.patch"
Content-Disposition: inline;
filename="req.c.patch"
Content-Transfer-Encoding: 7bit

154c154
< unsigned long nmflag = 0, reqflag = 0;
---
> unsigned long nmflag = 0;
359,363d358
< else if (strcmp(*argv,"-reqopt") == 0)
< {
< if (--argc < 1) goto bad;
< if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
< }
456,457c451
< BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
< BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
---
> BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
990c984
< X509_print_ex(out, x509ss, nmflag, reqflag);
---
> X509_print(out,x509ss);
992c986
< X509_REQ_print_ex(out, req, nmflag, reqflag);
---
> X509_REQ_print(out,req);
1153,1157c1147
< size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
< char *buf = malloc (buflen);
< size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
< char **ne_types = malloc (max_ne * sizeof (char *));
< char **ne_values = malloc (max_ne * sizeof (char *));
---
> X509_NAME *n;
1159,1160c1149,1150
< char *sp = subject, *bp = buf;
< int i, ne_num = 0;
---
> if (!(n = do_subject(subject, chtype)))
> return 0;
1162,1233c1152
< X509_NAME *n = NULL;
< int nid;
<
< if (!buf || !ne_types || !ne_values)
< {
< BIO_printf(bio_err, "malloc error\n");
< goto error0;
< }
<
< if (*subject != '/')
< {
< BIO_printf(bio_err, "Subject does not start with '/'.\n");
< goto error0;
< }
< sp++; /* skip leading / */
<
< while (*sp)
< {
< /* collect type */
< ne_types[ne_num] = bp;
< while (*sp)
< {
< if (*sp == '\\') /* is there anything to escape in the type...? */
< if (*++sp)
< *bp++ = *sp++;
< else
< {
< BIO_printf(bio_err, "escape character at end of string\n");
< goto error0;
< }
< else if (*sp == '=')
< {
< sp++;
< *bp++ = '\0';
< break;
< }
< else
< *bp++ = *sp++;
< }
< if (!*sp)
< {
< BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
< goto error0;
< }
< ne_values[ne_num] = bp;
< while (*sp)
< {
< if (*sp == '\\')
< if (*++sp)
< *bp++ = *sp++;
< else
< {
< BIO_printf(bio_err, "escape character at end of string\n");
< goto error0;
< }
< else if (*sp == '/')
< {
< sp++;
< *bp++ = '\0';
< break;
< }
< else
< *bp++ = *sp++;
< }
< *bp++ = '\0';
< ne_num++;
< }
<
< if (!(n = X509_NAME_new()))
< goto error0;
<
< for(i = 0; i < ne_num; i++)
---
> if (!X509_REQ_set_subject_name(req, n))
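Review bot: The value loop on the `<` side terminates an element twice when it stops at a separator: once with `*bp++ = '\0';` inside the `'/'` branch and again with the `*bp++ = '\0';` after the loop. Every name element therefore writes one byte more than it consumes, so the comment on `buflen` ("the copy can only become shorter") does not hold and `buf`, sized `strlen(subject)+1`, can be overrun once the subject has several elements. Dropping the store inside the `'/'` branch (keeping `sp++; break;`) restores the bound. Separately, this hunk and its neighbours (1153–1266) trade the `do_subject(subject, chtype)` call for an inline parser, which the README does not mention; it looks like a base-version mismatch and should probably be left out of the -reqopt patch. The enclosing function starts and ends outside the hunk.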
1235,1249c1154,1155
< if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
< {
< BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
< continue;
< }
<
< if (!*ne_values[i])
< {
< BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
< continue;
< }
<
< if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
< goto error1;
<
---
> X509_NAME_free(n);
> return 0;
1251,1253d1156
<
< if (!X509_REQ_set_subject_name(req, n))
< goto error1;
1255,1257d1157
< free (ne_values);
< free (ne_types);
< free (buf);
1259,1266d1158
<
< error1:
< X509_NAME_free(n);
< error0:
< free (ne_values);
< free (ne_types);
< free (buf);
< return 0;

--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii;
name="t_req.c.patch"
Content-Disposition: inline;
filename="t_req.c.patch"
Content-Transfer-Encoding: 7bit

85c85
< int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
---
> int X509_REQ_print(BIO *bp, X509_REQ *x)
95,105d94
< char mlch = ' ';
< int nmindent = 0;
<
< if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
< mlch = '\n';
< nmindent = 12;
< }
<
< if(nmflags == X509_FLAG_COMPAT)
< nmindent = 16;
<
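Review bot: `nmflags` is compared with `X509_FLAG_COMPAT` in `if(nmflags == X509_FLAG_COMPAT)`, but it holds name-printing flags: it is masked with `XN_FLAG_SEP_MASK` just above, and the `X509_REQ_print` wrapper at the end of the file passes `XN_FLAG_COMPAT` for it. The test only works while the two constants share a value; `if(nmflags == XN_FLAG_COMPAT)` states the intent. These declarations sit inside X509_REQ_print_ex, whose body continues outside the hunk.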
108,137c97,117
< if(!(cflag & X509_FLAG_NO_HEADER))
< {
< if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
< if (BIO_write(bp," Data:\n",10) <= 0) goto err;
< }
< if(!(cflag & X509_FLAG_NO_VERSION))
< {
< neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
< l=0;
< for (i=0; i<ri->version->length; i++)
< { l<<=8; l+=ri->version->data[i]; }
< sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
< if (BIO_puts(bp,str) <= 0) goto err;
< }
< if(!(cflag & X509_FLAG_NO_SUBJECT))
< {
< if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
< if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
< if (BIO_write(bp,"\n",1) <= 0) goto err;
< }
< if(!(cflag & X509_FLAG_NO_PUBKEY))
< {
< if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
< goto err;
< if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
< goto err;
< if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
< goto err;
< if (BIO_puts(bp, "\n") <= 0)
< goto err;
---
> sprintf(str,"Certificate Request:\n");
> if (BIO_puts(bp,str) <= 0) goto err;
> sprintf(str,"%4sData:\n","");
> if (BIO_puts(bp,str) <= 0) goto err;
>
> neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
> l=0;
> for (i=0; i<ri->version->length; i++)
> { l<<=8; l+=ri->version->data[i]; }
> sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
> if (BIO_puts(bp,str) <= 0) goto err;
> sprintf(str,"%8sSubject: ","");
> if (BIO_puts(bp,str) <= 0) goto err;
>
> X509_NAME_print(bp,ri->subject,16);
> sprintf(str,"\n%8sSubject Public Key Info:\n","");
> if (BIO_puts(bp,str) <= 0) goto err;
> i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
> sprintf(str,"%12sPublic Key Algorithm: %s\n","",
> (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
> if (BIO_puts(bp,str) <= 0) goto err;
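Review bot: The `BIO_write` calls on the `<` side pass hand-counted lengths (21, 10, 33) that must be kept in step with the literals; indentation in this listing appears collapsed, so the counts cannot be checked here. `BIO_puts(bp, ...)` or `BIO_printf(bp,"%8sSubject Public Key Info:\n","")`, in the form already used for the algorithm line, removes the counting. The Version line still formats through `sprintf(str, ...)` into a buffer whose size is not visible in the hunk; `BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l)` would avoid the intermediate buffer. The `X509_FLAG_NO_PUBKEY` block opened here closes outside the hunk.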
139,145c119
< pkey=X509_REQ_get_pubkey(x);
< if (pkey == NULL)
< {
< BIO_printf(bp,"%12sUnable to load Public Key\n","");
< ERR_print_errors(bp);
< }
< else
---
> pkey=X509_REQ_get_pubkey(x);
147,149c121,123
< if (pkey->type == EVP_PKEY_RSA)
< {
< BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
---
> if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
> {
> BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
151,153c125,127
< RSA_print(bp,pkey->pkey.rsa,16);
< }
< else
---
> RSA_print(bp,pkey->pkey.rsa,16);
> }
> else
156,161c130,135
< if (pkey->type == EVP_PKEY_DSA)
< {
< BIO_printf(bp,"%12sDSA Public Key:\n","");
< DSA_print(bp,pkey->pkey.dsa,16);
< }
< else
---
> if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
> {
> BIO_printf(bp,"%12sDSA Public Key:\n","");
> DSA_print(bp,pkey->pkey.dsa,16);
> }
> else
163c137
< BIO_printf(bp,"%12sUnknown Public Key:\n","");
---
> BIO_printf(bp,"%12sUnknown Public Key:\n","");
165,166c139,144
< EVP_PKEY_free(pkey);
< }
---
> if (pkey != NULL)
> EVP_PKEY_free(pkey);
>
> /* may not be */
> sprintf(str,"%8sAttributes:\n","");
> if (BIO_puts(bp,str) <= 0) goto err;
168c146,147
< if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
---
> sk=x->req_info->attributes;
> if (sk_X509_ATTRIBUTE_num(sk) == 0)
170,171c149
< /* may not be */
< sprintf(str,"%8sAttributes:\n","");
---
> sprintf(str,"%12sa0:00\n","");
173,175c151,154
<
< sk=x->req_info->attributes;
< if (sk_X509_ATTRIBUTE_num(sk) == 0)
---
> }
> else
> {
> for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
177c156,165
< sprintf(str,"%12sa0:00\n","");
---
> ASN1_TYPE *at;
> X509_ATTRIBUTE *a;
> ASN1_BIT_STRING *bs=NULL;
> ASN1_TYPE *t;
> int j,type=0,count=1,ii=0;
>
> a=sk_X509_ATTRIBUTE_value(sk,i);
> if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
> continue;
> sprintf(str,"%12s","");
179,180c167
< }
< else
---
> if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
182c169
< for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
---
> if (a->single)
184,195c171,175
< ASN1_TYPE *at;
< X509_ATTRIBUTE *a;
< ASN1_BIT_STRING *bs=NULL;
< ASN1_TYPE *t;
< int j,type=0,count=1,ii=0;
<
< a=sk_X509_ATTRIBUTE_value(sk,i);
< if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
< continue;
< sprintf(str,"%12s","");
< if (BIO_puts(bp,str) <= 0) goto err;
< if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
---
> t=a->value.single;
> type=t->type;
> bs=t->value.bit_string;
> }
> else
197,206c177,178
< if (a->single)
< {
< t=a->value.single;
< type=t->type;
< bs=t->value.bit_string;
< }
< else
< {
< ii=0;
< count=sk_ASN1_TYPE_num(a->value.set);
---
> ii=0;
> count=sk_ASN1_TYPE_num(a->value.set);
208,229c180,182
< at=sk_ASN1_TYPE_value(a->value.set,ii);
< type=at->type;
< bs=at->value.asn1_string;
< }
< }
< for (j=25-j; j>0; j--)
< if (BIO_write(bp," ",1) != 1) goto err;
< if (BIO_puts(bp,":") <= 0) goto err;
< if ( (type == V_ASN1_PRINTABLESTRING) ||
< (type == V_ASN1_T61STRING) ||
< (type == V_ASN1_IA5STRING))
< {
< if (BIO_write(bp,(char *)bs->data,bs->length)
< != bs->length)
< goto err;
< BIO_puts(bp,"\n");
< }
< else
< {
< BIO_puts(bp,"unable to print attribute\n");
< }
< if (++ii < count) goto get_next;
---
> at=sk_ASN1_TYPE_value(a->value.set,ii);
> type=at->type;
> bs=at->value.asn1_string;
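Review bot: `at=sk_ASN1_TYPE_value(a->value.set,ii)` is dereferenced on the next line (`type=at->type`) without a check that the set holds an element at `ii`; as far as the visible lines show, `count` is only tested after the first pass, in `if (++ii < count) goto get_next;`. A request comes from outside input, so an attribute with an empty value set should be handled before the first lookup, for example `if (count <= 0) { BIO_puts(bp,"unable to print attribute\n"); continue; }` right after `count` is assigned in the previous hunk. The code is carried over unchanged from X509_REQ_print, and the `get_next` label itself lies outside the hunk.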
232,239c185,190
< }
< if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
< {
< exts = X509_REQ_get_extensions(x);
< if(exts)
< {
< BIO_printf(bp,"%8sRequested Extensions:\n","");
< for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
---
> for (j=25-j; j>0; j--)
> if (BIO_write(bp," ",1) != 1) goto err;
> if (BIO_puts(bp,":") <= 0) goto err;
> if ( (type == V_ASN1_PRINTABLESTRING) ||
> (type == V_ASN1_T61STRING) ||
> (type == V_ASN1_IA5STRING))
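Review bot: The Requested Extensions block is gated by a second `if(!(cflag & X509_FLAG_NO_ATTRIBUTES))`, the same test that guards the attribute list, so `-reqopt no_attributes` also hides the extensions and neither can be suppressed without the other. Since `X509_FLAG_NO_EXTENSIONS` already exists for certificates, testing it here with `if(!(cflag & X509_FLAG_NO_EXTENSIONS))` would keep `-reqopt` consistent with `-certopt`. The block closes outside the hunk.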
241,249c192,193
< ASN1_OBJECT *obj;
< X509_EXTENSION *ex;
< int j;
< ex=sk_X509_EXTENSION_value(exts, i);
< if (BIO_printf(bp,"%12s","") <= 0) goto err;
< obj=X509_EXTENSION_get_object(ex);
< i2a_ASN1_OBJECT(bp,obj);
< j=X509_EXTENSION_get_critical(ex);
< if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
---
> if (BIO_write(bp,(char *)bs->data,bs->length)
> != bs->length)
251,256c195
< if(!X509V3_EXT_print(bp, ex, 0, 16))
< {
< BIO_printf(bp, "%16s", "");
< M_ASN1_OCTET_STRING_print(bp,ex->value);
< }
< if (BIO_write(bp,"\n",1) <= 0) goto err;
---
> BIO_puts(bp,"\n");
258c197,201
< sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
---
> else
> {
> BIO_puts(bp,"unable to print attribute\n");
> }
> if (++ii < count) goto get_next;
262,264c205,223
< if(!(cflag & X509_FLAG_NO_SIGDUMP))
< {
< if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
---
> exts = X509_REQ_get_extensions(x);
> if(exts) {
> BIO_printf(bp,"%8sRequested Extensions:\n","");
> for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
> ASN1_OBJECT *obj;
> X509_EXTENSION *ex;
> int j;
> ex=sk_X509_EXTENSION_value(exts, i);
> if (BIO_printf(bp,"%12s","") <= 0) goto err;
> obj=X509_EXTENSION_get_object(ex);
> i2a_ASN1_OBJECT(bp,obj);
> j=X509_EXTENSION_get_critical(ex);
> if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
> goto err;
> if(!X509V3_EXT_print(bp, ex, 0, 16)) {
> BIO_printf(bp, "%16s", "");
> M_ASN1_OCTET_STRING_print(bp,ex->value);
> }
> if (BIO_write(bp,"\n",1) <= 0) goto err;
265a225,228
> sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
> }
>
> if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
271,275d233
< }
<
< int X509_REQ_print(BIO *bp, X509_REQ *x)
< {
< return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);

--------------078772C06779E23A6E50B1F6
Content-Type: text/plain; charset=us-ascii;
name="x509.h.patch"
Content-Disposition: inline;
filename="x509.h.patch"
Content-Transfer-Encoding: 7bit

334d333
< #define X509_FLAG_NO_ATTRIBUTES (1L << 11)
1019d1017
< int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);

--------------078772C06779E23A6E50B1F6--
