Add -issuer_hash and make -subject_hash the default way to get the

subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650

Add -issuer_hash and make -subject_hash the default way to get the
subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650
94805c84 · Richard Levitte · 6f2f534b · 94805c84 · 94805c84
隐藏空白更改
内联并排

Showing with 26 addition and 7 deletion

apps/x509.c apps/x509.c +15 -6

doc/apps/x509.pod doc/apps/x509.pod +11 -1

未找到文件。
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -92,7 +92,9 @@ static char *x509_usage[]={
 " -out arg        - output file - default stdout\n",
 " -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
-" -hash           - print hash value\n",
+" -subject_hash   - print subject hash value\n",
+" -issuer_hash    - print issuer hash value\n",
+" -hash           - synonym for -subject_hash\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
 " -email          - print email address(es)\n",
@@ -167,8 +169,8 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
-	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int ocspid=0;
+	int subject_hash=0,issuer_hash=0,ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -379,8 +381,11 @@ int MAIN(int argc, char **argv)
 			x509req= ++num;
 		else if (strcmp(*argv,"-text") == 0)
 			text= ++num;
-		else if (strcmp(*argv,"-hash") == 0)
+		else if (strcmp(*argv,"-hash") == 0
-			hash= ++num;
+			|| strcmp(*argv,"-subject_hash") == 0)
+			subject_hash= ++num;
+		else if (strcmp(*argv,"-issuer_hash") == 0)
+			issuer_hash= ++num;
 		else if (strcmp(*argv,"-subject") == 0)
 			subject= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -707,10 +712,14 @@ bad:
 				if (alstr) BIO_printf(STDout,"%s\n", alstr);
 				else BIO_puts(STDout,"<No Alias>\n");
 				}
-			else if (hash == i)
+			else if (subject_hash == i)
 				{
 				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
+			else if (issuer_hash == i)
+				{
+				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
+				}
 			else if (pprint == i)
 				{
 				X509_PURPOSE *ptmp;

--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -17,6 +17,8 @@ B<openssl> B<x509>
 [B<-out filename>]
 [B<-serial>]
 [B<-hash>]
+[B<-subject_hash>]
+[B<-issuer_hash>]
 [B<-subject>]
 [B<-issuer>]
 [B<-nameopt option>]
@@ -141,12 +143,20 @@ contained in the certificate.
 outputs the certificate serial number.
-=item B<-hash>
+=item B<-subject_hash>
 outputs the "hash" of the certificate subject name. This is used in OpenSSL to
 form an index to allow certificates in a directory to be looked up by subject
 name.
+=item B<-issuer_hash>
+outputs the "hash" of the certificate issuer name.
+=item B<-hash>
+synonym for "-hash" for backward compatibility reasons.
 =item B<-subject>
 outputs the subject name.