From: Raul Ferrando Date: Tue, 15 Feb 2022 15:02:41 +0000 (+0100) Subject: Add -quiet option to pkcs7 for -print_certs X-Git-Tag: openssl-3.2.0-alpha1~2914 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=632e8be2b570959dc3781c6956171e7e49f1aa58;p=thirdparty%2Fopenssl.git Add -quiet option to pkcs7 for -print_certs Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17708) --- diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ac2dec152a4..a95ea253777 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -23,8 +23,8 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, - OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, - OPT_PROV_ENUM + OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET, + OPT_ENGINE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkcs7_options[] = { @@ -46,6 +46,8 @@ const OPTIONS pkcs7_options[] = { {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, {"print_certs", OPT_PRINT_CERTS, '-', "Print_certs print any certs or crl in the input"}, + {"quiet", OPT_QUIET, '-', + "When used with -print_certs, it produces a cleaner output"}, OPT_PROV_OPTIONS, {NULL} @@ -58,7 +60,7 @@ int pkcs7_main(int argc, char **argv) BIO *in = NULL, *out = NULL; int informat = FORMAT_PEM, outformat = FORMAT_PEM; char *infile = NULL, *outfile = NULL, *prog; - int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; + int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, quiet = 0, ret = 1; OPTION_CHOICE o; OSSL_LIB_CTX *libctx = app_get0_libctx(); @@ -100,6 +102,9 @@ int pkcs7_main(int argc, char **argv) case OPT_PRINT_CERTS: print_certs = 1; break; + case OPT_QUIET: + quiet = 1; + break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; @@ -171,7 +176,7 @@ int pkcs7_main(int argc, char **argv) x = sk_X509_value(certs, i); if (text) X509_print(out, x); - else + else if (!quiet) dump_cert_text(out, x); if (!noout) diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index efd772d1d43..eeb5c356f0b 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -19,6 +19,7 @@ B B [B<-out> I] [B<-print>] [B<-print_certs>] +[B<-quiet>] [B<-text>] [B<-noout>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} @@ -63,6 +64,11 @@ Print out the full PKCS7 object. Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. +=item B<-quiet> + +When used with -print_certs, prints out just the PEM-encoded +certificates without any other output. + =item B<-text> Prints out certificate details in full rather than just subject and diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t index 37cd43dc6bf..2905fe8fe07 100644 --- a/test/recipes/25-test_pkcs7.t +++ b/test/recipes/25-test_pkcs7.t @@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_pkcs7"); -plan tests => 3; +plan tests => 6; require_ok(srctop_file('test','recipes','tconversion.pl')); +my @path = qw(test certs); +my $pemfile = "grfc.pem"; +my $p7file = "grfc.p7b"; +my $out = "grfc.out"; + subtest 'pkcs7 conversions -- pkcs7' => sub { tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"), -args => ["pkcs7"] ); @@ -27,3 +32,11 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub { tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"), -args => ["pkcs7"] ); }; +ok(run(app(["openssl", "crl2pkcs7", "-nocrl", + "-certfile", srctop_file(@path, $pemfile), + "-out", $p7file]))); +ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet", + "-in", $p7file, + "-out", $out]))); +is(cmp_text($out, srctop_file('test', 'recipes', '25-test_pkcs7_data', 'grfc.out')), + 0, 'Comparing output'); \ No newline at end of file diff --git a/test/recipes/25-test_pkcs7_data/grfc.out b/test/recipes/25-test_pkcs7_data/grfc.out new file mode 100644 index 00000000000..21b7bf7820b --- /dev/null +++ b/test/recipes/25-test_pkcs7_data/grfc.out @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw +FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4 +MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ +tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1 +MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG +A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi +MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz +ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3 +OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx +0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq +hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI +DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa +BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj +0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA +BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W +eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/ +0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB +KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu +NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa +0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR +gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv +MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR +gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw +MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE +HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f +Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j +KW64bgG0AywHjyc3 +-----END CERTIFICATE----- +