root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

apps: Escape control characters in DNs by default 

When displaying distinguished names the control characters
are escaped by default.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26932)

(cherry picked from commit 2411f9b662)
This commit is contained in:
Tomas Mraz 2025-02-28 11:13:27 +01:00
parent 9537245a5b
commit 84b4fef8ab
6 changed files with 61 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES.md
View File

@ -27,7 +27,10 @@ OpenSSL 3.2
### Changes between 3.2.4 and 3.2.5 [xx XXX xxxx] ### Changes between 3.2.4 and 3.2.5 [xx XXX xxxx]
* none yet * When displaying distinguished names in the openssl application escape control
characters by default.
*Tomáš Mráz*
### Changes between 3.2.3 and 3.2.4 [11 Feb 2025] ### Changes between 3.2.3 and 3.2.4 [11 Feb 2025]

6
apps/lib/apps.c
View File

@ -189,7 +189,11 @@ int set_nameopt(const char *arg)
unsigned long get_nameopt(void) unsigned long get_nameopt(void)
{ {
return return
nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN
| ASN1_STRFLGS_ESC_CTRL
| ASN1_STRFLGS_UTF8_CONVERT
| ASN1_STRFLGS_DUMP_UNKNOWN
| ASN1_STRFLGS_DUMP_DER;
} }
void dump_cert_text(BIO *out, X509 *x) void dump_cert_text(BIO *out, X509 *x)

6
doc/man1/openssl-namedisplay-options.pod
View File

@ -18,8 +18,10 @@ displayed.
This is specified by using the B<-nameopt> option, which takes a This is specified by using the B<-nameopt> option, which takes a
comma-separated list of options from the following set. comma-separated list of options from the following set.
An option may be preceded by a minus sign, C<->, to turn it off. An option may be preceded by a minus sign, C<->, to turn it off.
The default value is C<utf8,sep_comma_plus_space>. The first four option arguments are the most commonly used.
The first four are the most commonly used.
The default value is
C<esc_ctrl,utf8,dump_unknown,dump_der,sep_comma_plus_space,sname>.
=head1 OPTIONS =head1 OPTIONS

8
test/certs/tab-in-dn.pem Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIBCjCBvaADAgECAhQtSLWSJKg8TpmuRG/UlzepKY2MazAFBgMrZXAwEzERMA8G
A1UEAwwIVGVzdAlUQUIwIBcNMjUwMjI4MTAzNDE5WhgPMjEyNTAyMDQxMDM0MTla
MBMxETAPBgNVBAMMCFRlc3QJVEFCMCowBQYDK2VwAyEA1ptSJCGrDHMlWEoirhZe
s2TETOMe4f0G335qXYHDPP+jITAfMB0GA1UdDgQWBBQwCDnyYnvR2GXoToxSxPmp
kvER+zAFBgMrZXADQQBszFQxeWW1BBUgWf9as2zDyYCO43kBWTFTypPsFkpuAg4t
oxrqzb7Kd4RIT0TGtRGgd3gwRkqC0ecgM/NmXOYM
-----END CERTIFICATE-----

27
test/certs/tab-in-dn.text Normal file
View File

@ -0,0 +1,27 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:48:b5:92:24:a8:3c:4e:99:ae:44:6f:d4:97:37:a9:29:8d:8c:6b
Signature Algorithm: ED25519
Issuer: CN=Test\09TAB
Validity
Not Before: Feb 28 10:34:19 2025 GMT
Not After : Feb 4 10:34:19 2125 GMT
Subject: CN=Test\09TAB
Subject Public Key Info:
Public Key Algorithm: ED25519
ED25519 Public-Key:
pub:
d6:9b:52:24:21:ab:0c:73:25:58:4a:22:ae:16:5e:
b3:64:c4:4c:e3:1e:e1:fd:06:df:7e:6a:5d:81:c3:
3c:ff
X509v3 extensions:
X509v3 Subject Key Identifier:
30:08:39:F2:62:7B:D1:D8:65:E8:4E:8C:52:C4:F9:A9:92:F1:11:FB
Signature Algorithm: ED25519
Signature Value:
6c:cc:54:31:79:65:b5:04:15:20:59:ff:5a:b3:6c:c3:c9:80:
8e:e3:79:01:59:31:53:ca:93:ec:16:4a:6e:02:0e:2d:a3:1a:
ea:cd:be:ca:77:84:48:4f:44:c6:b5:11:a0:77:78:30:46:4a:
82:d1:e7:20:33:f3:66:5c:e6:0c

14
test/recipes/25-test_x509.t
View File

@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_x509"); setup("test_x509");
plan tests => 44; plan tests => 46;
# Prevent MSys2 filename munging for arguments that look like file paths but # Prevent MSys2 filename munging for arguments that look like file paths but
# aren't # aren't
@ -42,6 +42,18 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
is(cmp_text($out_utf8, $utf), is(cmp_text($out_utf8, $utf),
0, 'Comparing utf8 output with cyrillic.utf8'); 0, 'Comparing utf8 output with cyrillic.utf8');
SKIP: {
skip "EdDSA disabled", 2 if disabled("ecx");
$pem = srctop_file(@certs, "tab-in-dn.pem");
my $out_text = "out-tab-in-dn.text";
my $text = srctop_file(@certs, "tab-in-dn.text");
ok(run(app(["openssl", "x509", "-text", "-noout",
"-in", $pem, "-out", $out_text])));
is(cmp_text($out_text, $text),
0, 'Comparing default output with tab-in-dn.text');
}
SKIP: { SKIP: {
skip "DES disabled", 1 if disabled("des"); skip "DES disabled", 1 if disabled("des");
skip "Platform doesn't support command line UTF-8", 1 if $^O =~ /^(VMS|msys)$/; skip "Platform doesn't support command line UTF-8", 1 if $^O =~ /^(VMS|msys)$/;