Hello,

I'm working on some scripts to enable users to request certs.
For this purpose I've made a patch to the openssl req command,
which enables the scripts to extract the subject DN and hash
value (like in openssl x509 -subject -hash ...).
In case this is of any interest for the public, I'm attaching
the patch below.
The patch is against SNAP-20000615, but i suppose it will
patch the current snapshot with a litlle fuzz.

Regards,
SSS

------------

--- req.c.orig  Fri Jun 23 13:13:40 2000
+++ req.c       Fri Jun 23 15:26:52 2000
@@ -104,6 +104,8 @@
  * -keyform    - key file format.
  * -newkey     - make a key and a request.
  * -modulus    - print RSA modulus.
+ * -subject     - print subject DN.
+ * -hash        - print hash value.
  * -x509       - output a self signed X509 structure instead.
  * -asn1-kludge        - output new certificate request in a format that
some CA's
  *               require.  This format is wrong
@@ -155,7 +157,7 @@
        char *extensions = NULL;
        char *req_exts = NULL;
        EVP_CIPHER *cipher=NULL;
-       int modulus=0;
+       int modulus=0, subject=0, hash=0;
        char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
        char *p;
@@ -310,6 +312,10 @@
                        newhdr=1;
                else if (strcmp(*argv,"-modulus") == 0)
                        modulus=1;
+                else if (strcmp(*argv,"-subject") == 0)
+                        subject=1;
+                else if (strcmp(*argv,"-hash") == 0)
+                        hash=1;
                else if (strcmp(*argv,"-verify") == 0)
                        verify=1;
                else if (strcmp(*argv,"-nodes") == 0)
@@ -367,7 +373,9 @@
                BIO_printf(bio_err," -text          text form of
request\n");
                BIO_printf(bio_err," -noout         do not output REQ\n");
                BIO_printf(bio_err," -verify        verify signature on
REQ\n");
-               BIO_printf(bio_err," -modulus       RSA modulus\n");
+               BIO_printf(bio_err," -modulus       print RSA modulus\n");
+               BIO_printf(bio_err," -subject       print subject DN\n");
+               BIO_printf(bio_err," -hash          print hash value\n");
                BIO_printf(bio_err," -nodes         don't encrypt the output
key\n");
                BIO_printf(bio_err," -key file  use the private key
contained in file\n");
                BIO_printf(bio_err," -keyform arg   key file format\n");
@@ -781,7 +789,7 @@
                        BIO_printf(bio_err,"verify OK\n");
                }

-       if (noout && !text && !modulus)
+       if (noout && !text && !modulus && !subject && !hash)
                {
                ex=0;
                goto end;
@@ -832,6 +840,38 @@
                        fprintf(stdout,"Wrong Algorithm type");
                fprintf(stdout,"\n");
                }
+
+        if (subject)
+                {
+                char sn[256] = "";
+
+                if (x509)
+
X509_NAME_oneline(X509_get_subject_name(x509ss),sn,256);
+                else
+
X509_NAME_oneline(X509_REQ_get_subject_name(req),sn,256);
+                if (!*sn)
+                        {
+                        fprintf(stdout,"subject=unavailable\n");
+                        goto end;
+                        }
+                fprintf(stdout,"subject=%s\n",sn);
+                }
+
+        if (hash)
+                {
+                X509_NAME *xn;
+
+                if (x509)
+                        xn=X509_get_subject_name(x509ss);
+                else
+                        xn=X509_REQ_get_subject_name(req);
+                if (xn == NULL)
+                        {
+                        fprintf(stdout,"hash=unavailable\n");
+                        goto end;
+                        }
+                fprintf(stdout,"hash=%08lx\n",X509_NAME_hash(xn));
+                }

        if (!noout && !x509)
                {

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to