.\" $OpenBSD: X509_NAME_print_ex.3,v 1.12 2021/11/11 15:58:49 schwarze Exp $
.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2002, 2004, 2007, 2016, 2017 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 11 2021 $
.Dt X509_NAME_PRINT_EX 3
.Os
.Sh NAME
.Nm X509_NAME_print_ex ,
.Nm X509_NAME_print_ex_fp ,
.Nm X509_NAME_oneline ,
.Nm X509_NAME_print
.Nd X509_NAME printing routines
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_NAME_print_ex
.Fa "BIO *out"
.Fa "const X509_NAME *nm"
.Fa "int indent"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo X509_NAME_print_ex_fp
.Fa "FILE *fp"
.Fa "const X509_NAME *nm"
.Fa "int indent"
.Fa "unsigned long flags"
.Fc
.Ft char *
.Fo X509_NAME_oneline
.Fa "const X509_NAME *a"
.Fa "char *buf"
.Fa "int size"
.Fc
.Ft int
.Fo X509_NAME_print
.Fa "BIO *bp"
.Fa "const X509_NAME *name"
.Fa "int obase"
.Fc
.Sh DESCRIPTION
.Fn X509_NAME_print_ex
prints a human readable version of
.Fa nm
to
.Vt BIO
.Fa out .
Each line (for multiline formats) is indented by
.Fa indent
spaces.
The output format can be extensively customised by use of the
.Fa flags
parameter.
.Pp
.Fn X509_NAME_print_ex_fp
is identical to
.Fn X509_NAME_print_ex
except the output is written to the
.Vt FILE
pointer
.Fa fp .
.Pp
.Fn X509_NAME_oneline
prints an ASCII version of
.Fa a
to
.Fa buf .
If
.Fa buf
is
.Dv NULL ,
then a buffer is dynamically allocated and returned, and
.Fa size
is ignored.
Otherwise, at most
.Fa size
bytes will be written, including the ending NUL, and
.Fa buf
is returned.
.Pp
.Fn X509_NAME_print
prints out
.Fa name
to
.Fa bp
indenting each line by
.Fa obase
characters.
Multiple lines are used if the output (including indent) exceeds 80
characters.
.Pp
The functions
.Fn X509_NAME_oneline
and
.Fn X509_NAME_print
are legacy functions which produce a non-standard output form.
They don't handle multi-character fields and have various quirks
and inconsistencies.
Their use is strongly discouraged in new applications.
.Pp
Although there are a large number of possible flags, for most purposes
.Dv XN_FLAG_ONELINE ,
.Dv XN_FLAG_MULTILINE ,
or
.Dv XN_FLAG_RFC2253
will suffice.
As noted on the
.Xr ASN1_STRING_print_ex 3
manual page, for UTF-8 terminals the
.Dv ASN1_STRFLGS_ESC_MSB
should be unset: so for example
.Dv XN_FLAG_ONELINE No & Pf ~ Dv ASN1_STRFLGS_ESC_MSB
would be used.
.Pp
The complete set of the flags supported by
.Fn X509_NAME_print_ex
is listed below.
.Pp
Several options can be OR'ed together.
.Pp
The options
.Dv XN_FLAG_SEP_COMMA_PLUS ,
.Dv XN_FLAG_SEP_CPLUS_SPC ,
.Dv XN_FLAG_SEP_SPLUS_SPC ,
and
.Dv XN_FLAG_SEP_MULTILINE
determine the field separators to use.
Two distinct separators are used between distinct
.Vt RelativeDistinguishedName
components and separate values in the same RDN for a multi-valued RDN.
Multi-valued RDNs are currently very rare so the second separator
will hardly ever be used.
.Pp
.Dv XN_FLAG_SEP_COMMA_PLUS
uses comma and plus as separators.
.Dv XN_FLAG_SEP_CPLUS_SPC
uses comma and plus with spaces:
this is more readable than plain comma and plus.
.Dv XN_FLAG_SEP_SPLUS_SPC
uses spaced semicolon and plus.
.Dv XN_FLAG_SEP_MULTILINE
uses spaced newline and plus respectively.
.Dv XN_FLAG_SEP_MASK
contains the bits used to represent these four options.
.Pp
If
.Dv XN_FLAG_DN_REV
is set, the whole DN is printed in reversed order.
.Pp
The fields
.Dv XN_FLAG_FN_SN ,
.Dv XN_FLAG_FN_LN ,
.Dv XN_FLAG_FN_OID ,
and
.Dv XN_FLAG_FN_NONE
determine how a field name is displayed.
It will use the short name (e.g. CN), the long name (e.g. commonName),
always use OID numerical form (normally OIDs are only used if the
field name is not recognised) and no field name, respectively.
.Dv XN_FLAG_FN_MASK
contains the bits used to represent these four options.
.Pp
If
.Dv XN_FLAG_SPC_EQ
is set, then spaces will be placed around the
.Ql =
character separating field names and values.
.Pp
If
.Dv XN_FLAG_DUMP_UNKNOWN_FIELDS
is set, then the encoding of unknown fields is printed instead of the
values.
.Pp
If
.Dv XN_FLAG_FN_ALIGN
is set, then field names are padded to 20 characters:
this is only of use for multiline format.
.Pp
Additionally, all the options supported by
.Xr ASN1_STRING_print_ex 3
can be used to control how each field value is displayed.
.Pp
In addition a number of options can be set for commonly used formats.
.Pp
.Dv XN_FLAG_RFC2253
sets options which produce an output compatible with RFC 2253.
It is equivalent to
.Dv ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV |
.Dv XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS .
.Pp
.Dv XN_FLAG_ONELINE
is a more readable one line format which is the same as:
.Dv ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC |
.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_SN .
.Pp
.Dv XN_FLAG_MULTILINE
is a multiline format which is the same as:
.Dv ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE |
.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN .
.Pp
.Dv XN_FLAG_COMPAT
uses a format identical to
.Fn X509_NAME_print :
in fact it calls
.Fn X509_NAME_print
internally.
.Sh RETURN VALUES
.Fn X509_NAME_print_ex
and
.Fn X509_NAME_print_ex_fp
return 1 on success or 0 on error if
.Dv XN_FLAG_COMPAT
is set in
.Fa flags .
Otherwise, they return the number of printed bytes including the
indentation or \-1 on error.
.Pp
.Fn X509_NAME_oneline
returns a valid string on success or
.Dv NULL
on error.
.Pp
.Fn X509_NAME_print
returns 1 on success or 0 on error.
.Sh SEE ALSO
.Xr ASN1_STRING_print_ex 3 ,
.Xr d2i_X509_NAME 3 ,
.Xr X509_NAME_get_index_by_NID 3 ,
.Xr X509_NAME_new 3
.Sh HISTORY
.Fn X509_NAME_oneline
and
.Fn X509_NAME_print
first appeared in SSLeay 0.5.1 and have been available since
.Ox 2.4 .
.Pp
.Fn X509_NAME_print_ex
and
.Fn X509_NAME_print_ex_fp
first appeared in OpenSSL 0.9.6 and have been available since
.Ox 2.9 .