Document the -certopt option to the x509 utility. Add no_issuer option. Fix X509_print_ex() so it prints out newlines when certain fields are omitted.

0a3ea5d3 · Dr. Stephen Henson · a5e4c0bb · 0a3ea5d3 · 0a3ea5d3 · 0a3ea5d3
隐藏空白更改
内联并排

Showing with 86 addition and 3 deletion

apps/apps.c apps/apps.c +1 -0

crypto/asn1/t_x509.c crypto/asn1/t_x509.c +4 -2

doc/apps/x509.pod doc/apps/x509.pod +81 -1

未找到文件。
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -754,6 +754,7 @@ int set_cert_ex(unsigned long *flags, const char *arg)
 		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
 		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
+		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},

--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -177,10 +177,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 		{
 		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
 		if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
 	if(!(cflag & X509_FLAG_NO_VALIDITY))
 		{
-		if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
 		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
 		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
 		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
@@ -191,10 +192,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 		{
 		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
 		if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
 	if(!(cflag & X509_FLAG_NO_PUBKEY))
 		{
-		if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
 			goto err;
 		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
 			goto err;

--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -113,6 +113,12 @@ prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
+=item B<-certopt option>
+customise the output format used with B<-text>. This option may be used more
+than once to set multiple options. See the B<OUTPUT OPTIONS> section for
+more information.
 =item B<-noout>
 this option prevents output of the encoded version of the request.
@@ -142,7 +148,7 @@ outputs the issuer name.
 =item B<-nameopt option>
-option which determine how the subject or issuer names are displayed. This
+option which determines how the subject or issuer names are displayed. This
 option may be used more than once to set multiple options. See the B<NAME
 OPTIONS> section for more information.
@@ -486,6 +492,80 @@ name.
 =back
+=head1 OUTPUT OPTIONS
+As well as customising the name output format, it is also possible to
+customise the actual fields printed using the B<certopt> options when
+the B<text> option is present. The default behaviour is to print all fields.
+=item B<compatible>
+use the old format. This is equivalent to specifying no output options at all.
+=item B<no_header>
+don't print header information: that is the lines saying "Certificate" and "Data".
+=item B<no_version>
+don't print out the version number.
+=item B<no_serial>
+don't print out the serial number.
+=item B<no_signame>
+don't print out the signature algorithm used.
+=item B<no_validity>
+don't print the validity, that is the B<notBefore> and B<notAfter> fields.
+=item B<no_subject>
+don't print out the subject name.
+=item B<no_issuer>
+don't print out the issuer name.
+=item B<no_pubkey>
+don't print out the public key.
+=item B<no_sigdump>
+don't give a hexadecimal dump of the certificate signature.
+=item B<no_aux>
+don't print out certificate trust information.
+=item B<no_extensions>
+don't print out any X509V3 extensions.
+=item B<ext_default>
+retain default extension behaviour: attempt to print out unsupported certificate extensions.
+=item B<ext_error>
+print an error message for unsupported certificate extensions.
+=item B<ext_parse>
+ASN1 parse unsupported extensions.
+=item B<ext_dump>
+hex dump unsupported extensions.
+=over 4
+=back
 =head1 EXAMPLES
 Note: in these examples the '\' means the example should be all on one