RE: Subject DN and hash output from openssl req

2000-06-23 Thread Svenning Sørensen 

I'm really sorry bothering you again, but I realized that my previous
patch was a bit clumsy. Mostly because it wasn't consistent with the
way "openssl x509" and "openssl crl" prints the DN hash value, so it
didn't fit too well into the convention of making symlink names based
on the hash (I have now removed the leading "hash=").
So I'm sending a new patch (this time against SNAP-2623), that I
hope will be more useful.

Regards,
SSS


 req.c.diff

RE: Subject DN and hash output from openssl req

2000-06-23 Thread Svenning Sørensen 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Svenning Sørensen
> Sent: Friday, June 23, 2000 4:38 PM
> To: [EMAIL PROTECTED]
> Subject: Subject DN and hash output from openssl req

Argh! Having received my own mail from the list, I saw that the lines
were wrapped, so here we go again, with an attachment this time...

SSS


 req.c.diff

Subject DN and hash output from openssl req

2000-06-23 Thread Svenning Sørensen 

Hello,

I'm working on some scripts to enable users to request certs.
For this purpose I've made a patch to the openssl req command,
which enables the scripts to extract the subject DN and hash
value (like in openssl x509 -subject -hash ...).
In case this is of any interest for the public, I'm attaching
the patch below.
The patch is against SNAP-2615, but i suppose it will
patch the current snapshot with a litlle fuzz.

Regards,
SSS



--- req.c.orig  Fri Jun 23 13:13:40 2000
+++ req.c   Fri Jun 23 15:26:52 2000
@@ -104,6 +104,8 @@
  * -keyform- key file format.
  * -newkey - make a key and a request.
  * -modulus- print RSA modulus.
+ * -subject - print subject DN.
+ * -hash- print hash value.
  * -x509   - output a self signed X509 structure instead.
  * -asn1-kludge- output new certificate request in a format that
some CA's
  *   require.  This format is wrong
@@ -155,7 +157,7 @@
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
-   int modulus=0;
+   int modulus=0, subject=0, hash=0;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
@@ -310,6 +312,10 @@
newhdr=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
+else if (strcmp(*argv,"-subject") == 0)
+subject=1;
+else if (strcmp(*argv,"-hash") == 0)
+hash=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else if (strcmp(*argv,"-nodes") == 0)
@@ -367,7 +373,9 @@
BIO_printf(bio_err," -text  text form of
request\n");
BIO_printf(bio_err," -noout do not output REQ\n");
BIO_printf(bio_err," -verifyverify signature on
REQ\n");
-   BIO_printf(bio_err," -modulus   RSA modulus\n");
+   BIO_printf(bio_err," -modulus   print RSA modulus\n");
+   BIO_printf(bio_err," -subject   print subject DN\n");
+   BIO_printf(bio_err," -hash  print hash value\n");
BIO_printf(bio_err," -nodes don't encrypt the output
key\n");
BIO_printf(bio_err," -key file  use the private key
contained in file\n");
BIO_printf(bio_err," -keyform arg   key file format\n");
@@ -781,7 +789,7 @@
BIO_printf(bio_err,"verify OK\n");
}

-   if (noout && !text && !modulus)
+   if (noout && !text && !modulus && !subject && !hash)
{
ex=0;
goto end;
@@ -832,6 +840,38 @@
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
+
+if (subject)
+{
+char sn[256] = "";
+
+if (x509)
+
X509_NAME_oneline(X509_get_subject_name(x509ss),sn,256);
+else
+
X509_NAME_oneline(X509_REQ_get_subject_name(req),sn,256);
+if (!*sn)
+{
+fprintf(stdout,"subject=unavailable\n");
+goto end;
+}
+fprintf(stdout,"subject=%s\n",sn);
+}
+
+if (hash)
+{
+X509_NAME *xn;
+
+if (x509)
+xn=X509_get_subject_name(x509ss);
+else
+xn=X509_REQ_get_subject_name(req);
+if (xn == NULL)
+{
+fprintf(stdout,"hash=unavailable\n");
+goto end;
+}
+fprintf(stdout,"hash=%08lx\n",X509_NAME_hash(xn));
+}

if (!noout && !x509)
{

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]