Hello openssl team, here is the patch providing -nameopt option to the openssl verify command. It makes possible to print certificate subject correctly in case of error.
Thank you. -- SY, Dmitry Belyavsky
--- ../openssl-1.0.1i/apps/verify.c 2014-08-07 01:10:56.000000000 +0400 +++ apps/verify.c 2015-02-13 20:53:00.202406546 +0300 @@ -74,6 +74,7 @@ STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls, ENGINE *e); static int v_verbose=0, vflags = 0; +static unsigned long nmflag = 0; int MAIN(int, char **); @@ -145,6 +146,11 @@ if (argc-- < 1) goto end; crlfile= *(++argv); } + else if (strcmp(*argv,"-nameopt") == 0) + { + if (--argc < 1) goto end; + if (!set_name_ex(&nmflag, *(++argv))) goto end; + } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { @@ -317,9 +323,10 @@ { if (current_cert) { + nmflag = nmflag ? nmflag : XN_FLAG_ONELINE; X509_NAME_print_ex_fp(stdout, X509_get_subject_name(current_cert), - 0, XN_FLAG_ONELINE); + 0, nmflag); printf("\n"); } printf("%serror %d at %d depth lookup:%s\n",
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev