From: Dr. David von Oheimb Date: Wed, 3 Nov 2021 17:41:07 +0000 (+0100) Subject: APPS/cmp: make the -sans option support email addresses (type rfc822Name) X-Git-Tag: openssl-3.2.0-alpha1~3379 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168;p=thirdparty%2Fopenssl.git APPS/cmp: make the -sans option support email addresses (type rfc822Name) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16960) --- diff --git a/apps/cmp.c b/apps/cmp.c index b6e88e64f6d..1c97075531d 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -836,11 +836,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc) continue; } - /* try IP address first, then URI or domain name */ + /* try IP address first, then email/URI/domain name */ (void)ERR_set_mark(); n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0); if (n == NULL) n = a2i_GENERAL_NAME(NULL, NULL, NULL, + strchr(names, '@') != NULL ? GEN_EMAIL : strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, names, 0); (void)ERR_pop_to_mark(); diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index b4c3c822555..58e9bd7ddad 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -312,7 +312,8 @@ contained the given PKCS#10 CSR, overriding any extensions with same OIDs. =item B<-sans> I -One or more IP addresses, DNS names, or URIs separated by commas or whitespace +One or more IP addresses, email addresses, DNS names, or URIs +separated by commas or whitespace (where in the latter case the whole argument must be enclosed in "...") to add as Subject Alternative Name(s) (SAN) certificate request extension. If the special element "critical" is given the SANs are flagged as critical.