Openssl behaves differently when printing subject or issuer from request or from existing certificate in x509. If using x509 there is an extra space after '=' character. It can affect scripts that checks whether these fields in request and certificate match. Moreover when printing serial, the in x509 there was no extra space, so the behavior was kind of unpredictable. The attached patch deletes the extra space in x509 output.
Jiri Horky
--- apps/x509.c 2013-10-03 13:42:39.504547535 +0200 +++ apps/x509.c.orig 2013-10-03 13:42:25.784301201 +0200 @@ -728,12 +728,12 @@ bad: { if (issuer == i) { - print_name(STDout, "issuer=", + print_name(STDout, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { - print_name(STDout, "subject=", + print_name(STDout, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i)