The branch master has been updated via 632e8be2b570959dc3781c6956171e7e49f1aa58 (commit) from 42659159f4d4a8c16a0e9b089d40a5831b60cbb6 (commit)
- Log ----------------------------------------------------------------- commit 632e8be2b570959dc3781c6956171e7e49f1aa58 Author: Raul Ferrando <rferran...@protonmail.com> Date: Tue Feb 15 16:02:41 2022 +0100 Add -quiet option to pkcs7 for -print_certs Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17708) ----------------------------------------------------------------------- Summary of changes: apps/pkcs7.c | 13 +++++++++---- doc/man1/openssl-pkcs7.pod.in | 6 ++++++ test/recipes/25-test_pkcs7.t | 15 ++++++++++++++- .../grfc.pem => recipes/25-test_pkcs7_data/grfc.out} | 1 + 4 files changed, 30 insertions(+), 5 deletions(-) copy test/{certs/grfc.pem => recipes/25-test_pkcs7_data/grfc.out} (99%) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ac2dec152a..a95ea25377 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -23,8 +23,8 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, - OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, - OPT_PROV_ENUM + OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET, + OPT_ENGINE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkcs7_options[] = { @@ -46,6 +46,8 @@ const OPTIONS pkcs7_options[] = { {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, {"print_certs", OPT_PRINT_CERTS, '-', "Print_certs print any certs or crl in the input"}, + {"quiet", OPT_QUIET, '-', + "When used with -print_certs, it produces a cleaner output"}, OPT_PROV_OPTIONS, {NULL} @@ -58,7 +60,7 @@ int pkcs7_main(int argc, char **argv) BIO *in = NULL, *out = NULL; int informat = FORMAT_PEM, outformat = FORMAT_PEM; char *infile = NULL, *outfile = NULL, *prog; - int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; + int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, quiet = 0, ret = 1; OPTION_CHOICE o; OSSL_LIB_CTX *libctx = app_get0_libctx(); @@ -100,6 +102,9 @@ int pkcs7_main(int argc, char **argv) case OPT_PRINT_CERTS: print_certs = 1; break; + case OPT_QUIET: + quiet = 1; + break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; @@ -171,7 +176,7 @@ int pkcs7_main(int argc, char **argv) x = sk_X509_value(certs, i); if (text) X509_print(out, x); - else + else if (!quiet) dump_cert_text(out, x); if (!noout) diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index efd772d1d4..eeb5c356f0 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -19,6 +19,7 @@ B<openssl> B<pkcs7> [B<-out> I<filename>] [B<-print>] [B<-print_certs>] +[B<-quiet>] [B<-text>] [B<-noout>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} @@ -63,6 +64,11 @@ Print out the full PKCS7 object. Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. +=item B<-quiet> + +When used with -print_certs, prints out just the PEM-encoded +certificates without any other output. + =item B<-text> Prints out certificate details in full rather than just subject and diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t index 37cd43dc6b..2905fe8fe0 100644 --- a/test/recipes/25-test_pkcs7.t +++ b/test/recipes/25-test_pkcs7.t @@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_pkcs7"); -plan tests => 3; +plan tests => 6; require_ok(srctop_file('test','recipes','tconversion.pl')); +my @path = qw(test certs); +my $pemfile = "grfc.pem"; +my $p7file = "grfc.p7b"; +my $out = "grfc.out"; + subtest 'pkcs7 conversions -- pkcs7' => sub { tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"), -args => ["pkcs7"] ); @@ -27,3 +32,11 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub { tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"), -args => ["pkcs7"] ); }; +ok(run(app(["openssl", "crl2pkcs7", "-nocrl", + "-certfile", srctop_file(@path, $pemfile), + "-out", $p7file]))); +ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet", + "-in", $p7file, + "-out", $out]))); +is(cmp_text($out, srctop_file('test', 'recipes', '25-test_pkcs7_data', 'grfc.out')), + 0, 'Comparing output'); \ No newline at end of file diff --git a/test/certs/grfc.pem b/test/recipes/25-test_pkcs7_data/grfc.out similarity index 99% copy from test/certs/grfc.pem copy to test/recipes/25-test_pkcs7_data/grfc.out index 952818275b..21b7bf7820 100644 --- a/test/certs/grfc.pem +++ b/test/recipes/25-test_pkcs7_data/grfc.out @@ -28,3 +28,4 @@ HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j KW64bgG0AywHjyc3 -----END CERTIFICATE----- +