Re: how do i escape spaces in -subj (DN) arg to req?

Fri, 18 Aug 2006 08:22:10 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't see an 'ssl' command on my system -- is this a shell script or an alias? If you have a script 'ssl' calling 'openssl' then you're going to have to deal with layers of quoting. 


For example, if 'ssl' is a script, then upon entering the command 'ssl 
req -subj "/C=US/ST=NY/L=New York"' it should receive arguments:


0:  ssl
1:  req
2:  -subj
3:  /C=US/ST=NY/L=New York

which is fine so far.  But if for example 'ssl' contains something like:

  openssl $@

then the command will be expanded to:

  openssl req -subj /C=US/ST=NY/L=New York

and 'openssl' will receive arguments:

0:  openssl
1:  req
2:  -subj
3:  /C=US/ST=NY/L=New
4:  York


which doesn't appear to be what you wanted.  This much can be patched up 
by replacing '$@' with '"$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9"' 
(resupplying any quoting that may have been stripped).  Further nested 
layers of interpretation by the shell would have to be treated similarly.



Escaping double-quoted string contents with backslash won't make a 
difference, because the escape will be consumed in the initial argument 
processing before 'ssl' gets control.  Single quotes can preserve it 
through one round of expansion but not more.



If 'ssl' is not a script or an alias, then we (or at least I) don't know 
what it is and cannot advise without more information about it.


I just tried the command:

  openssl req -subj "/C=US/ST=NY/L=New York" -new > ny.req


on OpenSSL 0.9.8 under the shell Bash 3.00.0(1)-release and it works just 
fine:


  mhw:~$ openssl req -text -noout < ny.req
  Certificate Request:
      Data:
          Version: 0 (0x0)
          Subject: C=US, ST=NY, L=New York

etc.


- -- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]

Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFE5db7s/NR4JuTKG8RAgXPAJwPrjQm9mI99D/4agwrgX09KjLSUACffvVx
hKVXqtThDzDkQfHNMZ2isHw=
=QZtN
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]














    











					Reply via email to