The branch master has been updated via 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 (commit) via 537976defe0775c016b9dbb36406bee1e96d0edb (commit) via 7e399f03829aad161b52b9c433b8d349c5922739 (commit) via 7a27bdbdce3d6d6548d5878a30aecc989fcab574 (commit) via 86cfd132ffc4f6198cc640a29c293850c0a59914 (commit) from dc18f036f161e1e49e1d001046716c77d1699e70 (commit)
- Log ----------------------------------------------------------------- commit 6923d261b819cdd5d9e0a72337da6d6a92cef2a2 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Sep 17 17:49:39 2021 +0200 Update the default value for the -nameopt option - documentation Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583) commit 537976defe0775c016b9dbb36406bee1e96d0edb Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Sep 17 17:47:55 2021 +0200 NEWS and CHANGES are updated about switching to utf8 Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583) commit 7e399f03829aad161b52b9c433b8d349c5922739 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Mon Sep 13 19:24:24 2021 +0200 Tests adjustments for default output change Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583) commit 7a27bdbdce3d6d6548d5878a30aecc989fcab574 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Thu Sep 16 17:47:47 2021 +0200 Update gost-engine to match new default nameopt Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583) commit 86cfd132ffc4f6198cc640a29c293850c0a59914 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Sat Sep 11 13:56:28 2021 +0200 Use -nameopt utf8 by default Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 ++++- NEWS.md | 5 +++-- apps/lib/apps.c | 2 +- doc/man1/openssl-namedisplay-options.pod | 2 +- gost-engine | 2 +- test/recipes/25-test_rusext.t | 6 +++++- test/recipes/80-test_pkcs12.t | 2 +- 7 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 58dffb15ef..c9d3825eec 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,7 +24,10 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] - * + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. + + *Dmitry Belyavskiy* OpenSSL 3.0 ----------- diff --git a/NEWS.md b/NEWS.md index 7cf0d8a7b7..720cec7330 100644 --- a/NEWS.md +++ b/NEWS.md @@ -21,12 +21,13 @@ OpenSSL 3.1 ### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] - * + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. OpenSSL 3.0 ----------- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 * Enhanced 'openssl list' with many new options. * Added migration guide to man7. diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 43c01401e8..6fe99422b9 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -197,7 +197,7 @@ int set_nameopt(const char *arg) unsigned long get_nameopt(void) { - return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; + return (nmflag_set) ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; } void dump_cert_text(BIO *out, X509 *x) diff --git a/doc/man1/openssl-namedisplay-options.pod b/doc/man1/openssl-namedisplay-options.pod index ff6ed1f4b4..a12f4dbf66 100644 --- a/doc/man1/openssl-namedisplay-options.pod +++ b/doc/man1/openssl-namedisplay-options.pod @@ -18,7 +18,7 @@ displayed. This is specified by using the B<-nameopt> option, which takes a comma-separated list of options from the following set. An option may be preceded by a minus sign, C<->, to turn it off. -The default value is C<oneline>. +The default value is C<utf8,sep_comma_plus_space>. The first four are the most commonly used. =head1 OPTIONS diff --git a/gost-engine b/gost-engine index 62583fb222..9869058423 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 62583fb222ec89ff4f6aa3d18b91ed3e64ed5cea +Subproject commit 986905842330e4a54e61334eb508fe3147c43e38 diff --git a/test/recipes/25-test_rusext.t b/test/recipes/25-test_rusext.t index 05727f9d04..6c02ed1ba2 100644 --- a/test/recipes/25-test_rusext.t +++ b/test/recipes/25-test_rusext.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_rusext"); -plan tests => 5; +plan tests => 7; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); my $pem = srctop_file("test/certs", "grfc.pem"); @@ -31,3 +31,7 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, "-nameopt", "utf8", "-certopt", "no_pubkey"]))); is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')), 0, 'Comparing utf8 output'); +ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, + "-certopt", "no_pubkey"]))); +is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')), + 0, 'Comparing cyrillic utf8 output by default'); diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index 1f0cb4d501..759cc57118 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -143,7 +143,7 @@ my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5, "-passin", "pass:"]), capture => 1); # Test that with one input certificate, we get one output certificate -ok(grep(/subject=CN = server.example/, @pkcs12info) == 1, +ok(grep(/subject=CN\s*=\s*server.example/, @pkcs12info) == 1, "test one cert in output"); # Test that the expected friendly name is present in the output ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");