Hello,
I'm working on some scripts to enable users to request certs.
For this purpose I've made a patch to the openssl req command,
which enables the scripts to extract the subject DN and hash
value (like in openssl x509 -subject -hash ...).
In case this is of any interest for the public, I'm attaching
the patch below.
The patch is against SNAP-20000615, but i suppose it will
patch the current snapshot with a litlle fuzz.
Regards,
SSS
------------
--- req.c.orig Fri Jun 23 13:13:40 2000
+++ req.c Fri Jun 23 15:26:52 2000
@@ -104,6 +104,8 @@
* -keyform - key file format.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
+ * -subject - print subject DN.
+ * -hash - print hash value.
* -x509 - output a self signed X509 structure instead.
* -asn1-kludge - output new certificate request in a format that
some CA's
* require. This format is wrong
@@ -155,7 +157,7 @@
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
- int modulus=0;
+ int modulus=0, subject=0, hash=0;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
@@ -310,6 +312,10 @@
newhdr=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
+ else if (strcmp(*argv,"-subject") == 0)
+ subject=1;
+ else if (strcmp(*argv,"-hash") == 0)
+ hash=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else if (strcmp(*argv,"-nodes") == 0)
@@ -367,7 +373,9 @@
BIO_printf(bio_err," -text text form of
request\n");
BIO_printf(bio_err," -noout do not output REQ\n");
BIO_printf(bio_err," -verify verify signature on
REQ\n");
- BIO_printf(bio_err," -modulus RSA modulus\n");
+ BIO_printf(bio_err," -modulus print RSA modulus\n");
+ BIO_printf(bio_err," -subject print subject DN\n");
+ BIO_printf(bio_err," -hash print hash value\n");
BIO_printf(bio_err," -nodes don't encrypt the output
key\n");
BIO_printf(bio_err," -key file use the private key
contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
@@ -781,7 +789,7 @@
BIO_printf(bio_err,"verify OK\n");
}
- if (noout && !text && !modulus)
+ if (noout && !text && !modulus && !subject && !hash)
{
ex=0;
goto end;
@@ -832,6 +840,38 @@
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
+
+ if (subject)
+ {
+ char sn[256] = "";
+
+ if (x509)
+
X509_NAME_oneline(X509_get_subject_name(x509ss),sn,256);
+ else
+
X509_NAME_oneline(X509_REQ_get_subject_name(req),sn,256);
+ if (!*sn)
+ {
+ fprintf(stdout,"subject=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout,"subject=%s\n",sn);
+ }
+
+ if (hash)
+ {
+ X509_NAME *xn;
+
+ if (x509)
+ xn=X509_get_subject_name(x509ss);
+ else
+ xn=X509_REQ_get_subject_name(req);
+ if (xn == NULL)
+ {
+ fprintf(stdout,"hash=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout,"hash=%08lx\n",X509_NAME_hash(xn));
+ }
if (!noout && !x509)
{
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
