From 0a3ea5d34a4862160304dd6e4245f7aaab048e19 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 15 Mar 2001 01:15:54 +0000 Subject: [PATCH] Document the -certopt option to the x509 utility. Add no_issuer option. Fix X509_print_ex() so it prints out newlines when certain fields are omitted. --- apps/apps.c | 1 + crypto/asn1/t_x509.c | 6 ++-- doc/apps/x509.pod | 82 +++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 86 insertions(+), 3 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index c2633b21e..e4ca8b8cc 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -754,6 +754,7 @@ int set_cert_ex(unsigned long *flags, const char *arg) { "no_signame", X509_FLAG_NO_SIGNAME, 0}, { "no_validity", X509_FLAG_NO_VALIDITY, 0}, { "no_subject", X509_FLAG_NO_SUBJECT, 0}, + { "no_issuer", X509_FLAG_NO_ISSUER, 0}, { "no_pubkey", X509_FLAG_NO_PUBKEY, 0}, { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 22b547d79..bd019bb9b 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -177,10 +177,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } if(!(cflag & X509_FLAG_NO_VALIDITY)) { - if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; + if (BIO_write(bp," Validity\n",17) <= 0) goto err; if (BIO_write(bp," Not Before: ",24) <= 0) goto err; if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; @@ -191,10 +192,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } if(!(cflag & X509_FLAG_NO_PUBKEY)) { - if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) + if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) goto err; if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) goto err; diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 5a72f2655..dab9fa133 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -113,6 +113,12 @@ prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings. +=item B<-certopt option> + +customise the output format used with B<-text>. This option may be used more +than once to set multiple options. See the B section for +more information. + =item B<-noout> this option prevents output of the encoded version of the request. @@ -142,7 +148,7 @@ outputs the issuer name. =item B<-nameopt option> -option which determine how the subject or issuer names are displayed. This +option which determines how the subject or issuer names are displayed. This option may be used more than once to set multiple options. See the B section for more information. @@ -486,6 +492,80 @@ name. =back +=head1 OUTPUT OPTIONS + +As well as customising the name output format, it is also possible to +customise the actual fields printed using the B options when +the B option is present. The default behaviour is to print all fields. + +=item B + +use the old format. This is equivalent to specifying no output options at all. + +=item B + +don't print header information: that is the lines saying "Certificate" and "Data". + +=item B + +don't print out the version number. + +=item B + +don't print out the serial number. + +=item B + +don't print out the signature algorithm used. + +=item B + +don't print the validity, that is the B and B fields. + +=item B + +don't print out the subject name. + +=item B + +don't print out the issuer name. + +=item B + +don't print out the public key. + +=item B + +don't give a hexadecimal dump of the certificate signature. + +=item B + +don't print out certificate trust information. + +=item B + +don't print out any X509V3 extensions. + +=item B + +retain default extension behaviour: attempt to print out unsupported certificate extensions. + +=item B + +print an error message for unsupported certificate extensions. + +=item B + +ASN1 parse unsupported extensions. + +=item B + +hex dump unsupported extensions. + +=over 4 + +=back + =head1 EXAMPLES Note: in these examples the '\' means the example should be all on one