When converting pkcs12 files with several (CA) certificates, the
resulting pem files do not have a textual view of the certificates,
something which is often desirable.

The enclosed patch adds support for the -text, -nameopt and -certopt
parameters to pkcs12, which behave as they do with the x509 command.

It also adds the missing -certopt to the synopsis in the x509 doc.

Peter Sylvester

diff -r -p openssl-SNAP-20110119/apps/pkcs12.c openssl-SNAP-20110119mod/apps/pkcs12.c
*** openssl-SNAP-20110119/apps/pkcs12.c	2010-05-15 03:00:07.000000000 +0200
--- openssl-SNAP-20110119mod/apps/pkcs12.c	2011-01-19 12:15:44.000000000 +0100
*************** static int set_pbe(BIO *err, int *ppbe,
*** 92,97 ****
--- 92,100 ----
  
  int MAIN(int, char **);
  
+ unsigned long nmflag = 0, certflag = 0;
+ int text=0;
+ 
  int MAIN(int argc, char **argv)
  {
      ENGINE *e = NULL;
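Review bot: The three new file-scope variables `nmflag`, `certflag` and `text` have external linkage, and `text` in particular is a very generic name to export from one command of a multi-command binary; they should be declared `static unsigned long nmflag = 0, certflag = 0;` and `static int text = 0;`. The reset added at the top of MAIN in the following hunk mixes a comma operator with a semicolon (`nmflag = 0, certflag = 0; text = 0;`); three plain assignments would read more clearly. MAIN's body continues outside this hunk.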
*************** int MAIN(int argc, char **argv)
*** 130,135 ****
--- 133,139 ----
  
      apps_startup();
  
+     nmflag = 0, certflag = 0; text = 0;
      enc = EVP_des_ede3_cbc();
      if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
  
*************** int MAIN(int argc, char **argv)
*** 261,266 ****
--- 265,276 ----
  			args++;	
  			CAfile = *args;
  		    } else badarg = 1;
+ 		} else if (!strcmp (*args, "-text"))
+ 					 text = 1;
+ 		else if (strcmp(*argv,"-certopt") == 0) {
+ 		    badarg = (--argc < 1 || !set_cert_ex(&certflag, *(++argv))) ; 
+ 		} else if (strcmp(*argv,"-nameopt") == 0) {
+ 		    badarg =  (--argc < 1 || !set_name_ex(&nmflag, *(++argv))) ;
  #ifndef OPENSSL_NO_ENGINE
  		} else if (!strcmp(*args,"-engine")) {
  		    if (args[1]) {
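Review bot: The new `-certopt` and `-nameopt` branches test `*argv` and advance `argv`/`argc`, while every other branch visible in this hunk (including the new `-text` one) walks the `args` cursor, so these two options are compared against the wrong string and their argument is never consumed from `args`. They should follow the pattern already used for `-CAfile` and `-engine`: check `args[1]`, advance `args`, and set `badarg = 1` only on failure rather than assigning the whole expression, which could also clear an earlier error. The option loop starts and ends outside the hunk, so how `badarg` is tested afterwards is not visible here.

```c
		/* … unchanged: -CAfile handling and the -text branch … */
		else if (!strcmp(*args, "-certopt")) {
		    if (!args[1] || !set_cert_ex(&certflag, *(++args)))
			badarg = 1;
		} else if (!strcmp(*args, "-nameopt")) {
		    if (!args[1] || !set_name_ex(&nmflag, *(++args)))
			badarg = 1;
```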
*************** int MAIN(int argc, char **argv)
*** 333,338 ****
--- 343,352 ----
  	BIO_printf(bio_err,  "              the random number generator\n");
  	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
  	BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
+ 	BIO_printf(bio_err,  "-text         print certificates in text form\n");
+ 	BIO_printf(bio_err,  "-nameopt arg  various certificate name options\n");
+ 	BIO_printf(bio_err,  "-certopt arg  various certificate text options\n");
+ 
      	goto end;
      }
  
*************** int dump_certs_pkeys_bag (BIO *out, PKCS
*** 799,805 ****
  		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
  								 return 1;
  		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
! 		dump_cert_text (out, x509);
  		PEM_write_bio_X509 (out, x509);
  		X509_free(x509);
  	break;
--- 813,822 ----
  		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
  								 return 1;
  		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
! 		if (text) 
! 			X509_print_ex(out,x509,nmflag,certflag);
! 		else
! 			dump_cert_text (out, x509);
  		PEM_write_bio_X509 (out, x509);
  		X509_free(x509);
  	break;
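Review bot: `nmflag` and `certflag` are only consulted in the `if (text)` branch, so `-nameopt` given without `-text` is accepted and then silently ignored, because `dump_cert_text (out, x509)` takes no flags. The pkcs12.pod text added by this patch describes `-nameopt` as determining how subject and issuer names are displayed without mentioning that dependency; either document that it only takes effect together with `-text`, or reject it when `text` is 0. The return value of `X509_print_ex` is also discarded, so a failed write to `out` would go unnoticed. The enclosing switch case starts outside the hunk.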
diff -r -p openssl-SNAP-20110119/doc/apps/pkcs12.pod openssl-SNAP-20110119mod/doc/apps/pkcs12.pod
*** openssl-SNAP-20110119/doc/apps/pkcs12.pod	2006-12-21 22:00:35.000000000 +0100
--- openssl-SNAP-20110119mod/doc/apps/pkcs12.pod	2011-01-19 14:30:19.000000000 +0100
*************** B<openssl> B<pkcs12>
*** 40,45 ****
--- 40,48 ----
  [B<-CAfile file>]
  [B<-CApath dir>]
  [B<-CSP name>]
+ [B<-text>]
+ [B<-certopt option>]
+ [B<-nameopt option>]
  
  =head1 DESCRIPTION
  
*************** write B<name> as a Microsoft CSP name.
*** 282,287 ****
--- 285,317 ----
  
  =back
  
+ =head2 DISPLAY OPTIONS
+ 
+ Note: Details of these options are defined 
+ 
+ =over 4
+ 
+ =item B<-text>
+ 
+ prints out any certificate in text form as with L<x509(1)>.
+ 
+ =item B<-certopt option>
+ 
+ customise the output format used with B<-text>. The B<option> argument can be
+ a single option or multiple options separated by commas. The B<-certopt> switch
+ may be also be used more than once to set multiple options. See the (see 
+ L<x509(1)> for details for the options.
+ 
+ =item B<-nameopt option>
+ 
+ option which determines how the subject or issuer names are displayed. The
+ B<option> argument can be a single option or multiple options separated by
+ commas.  Alternatively the B<-nameopt> switch may be used more than once to
+ set multiple options. See the B<NAME OPTIONS> section of L<x509(1)> for more
+ information.
+ 
+ =back
+ 
  =head1 NOTES
  
  Although there are a large number of options most of them are very rarely
*************** file from the keys and certificates usin
*** 359,363 ****
  
  =head1 SEE ALSO
  
! L<pkcs8(1)|pkcs8(1)>
  
--- 389,393 ----
  
  =head1 SEE ALSO
  
! L<pkcs8(1)|pkcs8(1)|x509(1)>
  
diff -r -p openssl-SNAP-20110119/doc/apps/x509.pod openssl-SNAP-20110119mod/doc/apps/x509.pod
*** openssl-SNAP-20110119/doc/apps/x509.pod	2010-01-12 19:00:15.000000000 +0100
--- openssl-SNAP-20110119mod/doc/apps/x509.pod	2011-01-19 14:30:43.000000000 +0100
*************** B<openssl> B<x509>
*** 48,53 ****
--- 48,54 ----
  [B<-CAcreateserial>]
  [B<-CAserial filename>]
  [B<-text>]
+ [B<-certopt option>]
  [B<-C>]
  [B<-md2|-md5|-sha1|-mdc2>]
  [B<-clrext>]
