New openssl subject parser hard to debug

-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7098)

New openssl subject parser hard to debug
-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7098)
2167640b · Eric Curtin · Pauli · 64ed55ab · 2167640b
隐藏空白更改
内联并排

Showing with 7 addition and 1 deletion

apps/apps.c apps/apps.c +7 -1

未找到文件。
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1768,8 +1768,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
    char *work;
    X509_NAME *n;
-    if (*cp++ != '/')
+    if (*cp++ != '/') {
+        BIO_printf(bio_err,
+                   "name is expected to be in the format "
+                   "/type0=value0/type1=value1/type2=... where characters may "
+                   "be escaped by \\. This name is not in that format: '%s'\n",
+                   --cp);
        return NULL;
+    }
    n = X509_NAME_new();
    if (n == NULL)