Re: DN formats

Dr Stephen Henson Wed, 3 Nov 1999 16:35:01 -0800
William M. Perry wrote:
> 
> Chris Ridd <[EMAIL PROTECTED]> writes:
> 
> > Hi,
> >
> > The DN string returned from the X509_NAME_oneline function has a
> > peculiar and non-standard format. (And undocumented too.)
> >
> > I have some diffs which will turn it into the RFC 1779 format, as a
> > compile time option.
> >
> > Would they be of any interest? Or should there be a new function which
> > returns the RFC format DN?
> 
> duh, never mind - 1779 is the one I was thinking of. :)
> 
> I would definitely be interested in this.  I'd like to see it as a
> diff. function though (X509_NAME_1779 or something like that)
> 

I've written some stuff that will print an X509_NAME in RFC2253 format
and noticed that the output was machine readable but not very "pretty"
under certain circumstances with only backslash and no quote escaping.

I then decided that various customisation options would be useful. These
included...

1. Quote escaping.
2. Which characters to escape.
3. How to handle multibyte characters: convert to UTF8 or use some kind
of escape like \U+XXXX for unicode.
4. Whether to print multiline
5. Whether to write "CN" or "commonName"
6. Whether to print the type of the string e.g. BMPSTRING.

and lots of others...

I got half way through this then noticed that the multibyte character
code was a mess (well non existent!) so that got revised first then I
got sidetracked with the chain verify stuff.

The trickiest part if how you print out a string so for example an
ASN1_STRING_print_ex() function that would take an ASN1_STRING argument
and format it in various ways would be the main part. This would be very
useful in other places too where string printing is a mess: e.g.
asn1parse.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: DN formats

Reply via email to
